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A Platform Built by Force 

Salesforce service raises questions about integration 




Analyst Rob Enderle believes today's 
fast development tools render the 
concept of RAD essentially obsolete. 

Rapid 

Application 

Decline? 

Analyst, vendors share 
different views on RAD 

BY JEFF FEINMAN 

When the concept of rapid appli- 
cation development first sur- 
faced in the 1980s, RAD was 
heralded as a way to meet appli- 
cation delivery schedules, at the 
risk of sacrificing usability and 
features. 

But as new tools focusing on 
sheer speed have emerged since 
those days, does RAD remain 
relevant? 

Analyst Rob Enderle, founder 
and principal analyst of The 
Enderle Group, argued that the 
concept of RAD is dead. Some 
tool makers say that RAD has 
undergone a metamorphosis and 
now implies agile development, 
while others believe that tradi- 
continued on page 37 ► 



BY ALEX HANDY 

For platform-as-a-service to 
work, it all comes down to inte- 
grations. 

When Salesforce.com CEO 
Marc Benioff announced his 
company's new Force.com plat- 
form-as-a-service site in mid- 
September, his employees spent 
time assuring that integrations 
were at the heart of this new 
platform. But these integrations 
aren't all coming from Sales- 
force itself; many of the compa- 
ny's highly touted customer 
integration projects were com- 
pleted by third-party develop- 
ers who now make their living 
by tying internal and external 



applications together. 

But that's all part of the plan, 
said Peter Coffee, Salesforce's 
director of platform research 
and former eWeek columnist. 
He explained that Salesforce 
offers consumable APIs for 
developers who wish to write 
their own integrations, but 
third-party integration solutions 
abound. Cast Iron Systems has 
even developed a network appli- 
ance to do the job. 

The platform launch was 
accompanied by the announce- 
ment of new application con- 
struction tools. At the heart of 
the Force.com development 
environment is Salesforce's Apex 



programming language and its 
new Visualforce user interface 
design tool. 

Apex, which was introduced 
at Salesforce's 2006 Dream- 
force convention last fall, cre- 
ates functional code that in 
practice works like a stored pro- 
cedure. These procedures can 
be coupled together into Web 
pages using Visualforce. Appli- 
cations can then be debugged 
through a new Eclipse plug-in 
designed to connect to the 
Force.com system internals. 

Salesforce is banking heavily 
on the Force.com platform as a 
contender in the field of enter- 
prise application platforms, and 



not just as a new place for star- 
tups to build their software. 

When asked if Salesforce 
was advocating the removal 
of customers' old infrastructure 
to be replaced by Force.com, 
Coffee said, "I don't think 
we would ever tell people 
that's something they need to 
do. The entire point of what 
we've been trying to make clear 
in the integration area is 
that it's not an either-or propo- 
sition, [but rather] 'Where's the 
best place to make that new 
investment?' " 

Denis Pombriant, founder of 

analyst firm Beagle Research 

continued on page 37 ► 



GPL Lawsuit Starts Monsoon 

SFLC believes mere compliance isn't punishment enough 



BY ALEX HANDY 

The first GPL lawsuit has been 
filed in the United States — and 
despite quick moves by the defen- 
dant to stop violating the GPLv2 
license, the case might settle some 
long-standing questions about 
open source code. 

The Software Free- 
dom Law Center (SFLC) 
announced in late Sep- 
tember that it had filed 
suit against Monsoon Multime- 
dia on behalf of the two princi- 
pal developers of the open 
source project BusyBox. The 
lawsuit, filed in U.S. District 
Court in New York, alleged that 
Monsoon Multimedia infringed 



GPLV3 

SLOW ON 

THE UPTAKE 

PAGE 7 



upon GPLv2 by refusing to dis- 
tribute the source code for its 
product, which made use of 
BusyBox. 

Five days later, on Sept. 25, 
Monsoon Multimedia announced 
that it would comply by distribut- 
ing the source code, but 
at press time, the SFLC 
had not agreed to a set- 
tlement of the lawsuit. 
Monsoon Multime- 
dia, a company that makes digi- 
tal television recording and dis- 
tribution devices, admitted prior 
to the filing of the suit that it 
used BusyBox in its product. 
BusyBox is a suite of Unix-like 
tools typically used in embedded 



and minimal Linux distributions. 
Erik Andersen and Rob Landley, 
the two BusyBox developers 
who are the plaintiffs in this 
case, originally notified Mon- 
soon Multimedia of their viola- 
tion in early September. When 
no response was seen after a 
week, the pair turned to the 
SFLC to make its case. 

Dan Ravicher, legal director 
of the SFLC, said that resolving 
the lawsuit through compliance 
alone would not send the right 
message. "The problem with 
only requiring compliance is 
that there's no real punishment 
for people who go around 
continued on page 33 ► 




Associate law professor James 
Grimmelmann asks: Is GPLv2 a 
license or a contract? 
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▲ AJAX-enabled run 
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toolbars and settings 
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elegant "Ghost Bar" 

provides end users with features such 

as data copying, grouping, sorting & 

filtering, hide or show columns, plus 

font selection, size, style & color. 
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EU Court Upholds Landmark Antitrust Ruling 

Microsoft required to pay a fine of €497 million as appeal denied 



BY DAVID WORTHINGTON 

Microsoft's appeal fell on deaf 
ears on Sept. 17 as the Euro- 
pean Union's second-highest 
court upheld the March 2004 
European Commission finding 
that the software maker abused 
its dominant market position in 
Europe. 

The European Court of 
First Instance in Luxembourg 
found that Microsoft had 
infringed Article 82 of the EC 
treaty, as the commission had 
claimed. It was found to have 



engaged in two separate types 
of misconduct and subsequent- 
ly fined a landmark €497 mil- 
lion plus court costs. 

The two counts were based 
on Microsoft's refusal to share 
interoperability information with 
competitors, and for bundling 
software with Windows that cre- 
ated anticompetitive conditions 
in the media player marketplace, 
the commission said. 

The courtroom saga began 
in 1998 after Sun Microsystems 
levied a complaint against 



Microsoft for denying its 
request for Windows Server 
communication protocols that 
would have made its Solaris 
server operating system inter- 
operable with Windows. 

Microsoft rejected Sun's 
request on the grounds that 
documentation was available in 
the public domain and its belief 
that Sun was attempting to 
mimic the behavior of Win- 
dows, but the commission flatly 
rejected that argument and 
required it to provide its com- 



EU COMMISSIONER TUSSLES WITH DOJ 



Neelie Kroes is not taking any lip from the U.S. 
Department of Justice's assistant attorney gen- 
eral of antitrust. 

After the European Union and the Court of 
First Instance in Luxembourg dismissed an 
appeal by Microsoft to retract the Commission's 
2004 antitrust ruling, Kroes, the EU's competi- 
tion commissioner, lashed out at Thomas Bar- 
nett, the U.S. DOJ's assistant attorney general of 
antitrust, for his criticism of the decision. 

In a statement, Barnett warned that the ruling 
could "have the unfortunate conseguence of 
harming consumers by chilling innovation and 



discouraging competition." 

Kroes answered Barnett's comment by say- 
ing, "It's totally unacceptable that a representa- 
tive of the U.S. administration should criticize 
an independent court of law outside of its juris- 
diction." 

Though Barnett may not have agreed with the 
EU, many in the software industry applauded the 
decision. "In our business, interoperability infor- 
mation is critically important and cannot simply 
be withheld to exclude all competition," said 
Matthew Szulik, chairman and CEO of Red Hat. 

—Jeff Fein man 



petitors with interoperability 
information as a remedy. 

Microsoft was also required 
to offer European customers a 
version of its flagship operating 
system without the Windows 
Media Player, resulting in the 
so-called "N" editions of Win- 
dows XP and Vista. 

"The Court considers that 
the Commission was correct to 
conclude that the work group 
server operating systems of 
Microsoft's competitors must 
be able to interoperate with 
Windows domain architecture 
on an equal footing with Win- 
dows operating systems if they 
are to be capable of being mar- 
keted viably," the court's ruling 
read. "The absence of such 
interoperability has the effect 
of reinforcing Microsoft's com- 
petitive position on the market 
and creates a risk that competi- 
tion will be eliminated." 

In its upholding of the EC 
finding on Windows Media 
Player, the court determined 
that Microsoft's bundling of its 
own software had the inevitable 



consequence of affecting rela- 
tions on the market between 
Microsoft, OEMs and third-par- 
ty media software vendors by 
altering the balance of competi- 
tion in Microsoft's favor. The 
court found that to be detrimen- 
tal to media player makers. 

The court, however, did 
annul the part of the EC's 2004 
ruling that would have required 
Microsoft to finance the cost of 
an independent monitoring 
trustee to examine its future 
behavior. It found that the com- 
mission had no authority to 
compel Microsoft to grant a 
monitoring trustee powers that 
the EU Constitution itself is not 
authorized to confer onto a 
third party. 

Microsoft general counsel 
Brad Smith said at a news con- 
ference, "It's clearly very impor- 
tant to us as a company that we 
comply with our obligations 
under European law. We'll study 
this decision carefully, and if 
there are additional steps that we 
need to take in order to comply 
with it, we will take them." I 



Altova Dives Deeply Into Databases 



BY DAVID WORTHINGTON 

If a trading partner sends anoth- 
er partner an XML file, the safe 
money is that it is not formatted 
to fit a particular table in that 
partner's database, and neither is 
that XML feed of calendar infor- 
mation that the marketing 
department subscribes to. 

Scenarios such as these 
motivated Altova to broaden 
the database functionality of its 
2008 product line, said Tim 
Hale, Altova's director of global 
marketing. 

The 2008 versions of Altova 
DatabaseSpy, MapForce, Style- 
Vision and XMLSpy have new 
capabilities to connect to rela- 
tional databases, and edit, 
query and view relational and 
XML data stored within. The 
products were released in mid- 
September. 

DatabaseSpy 2008 provides 
a unified interface, query and 
design tool for multiple data- 
bases from major vendors, 
including those from IBM, 
Microsoft and Oracle. It can 
now create and edit database 
views — stored queries of data 
from database tables — as well 



as stored procedures, with the 
goal of optimizing repetitive 
SQL statements. 

Altova also added database 
content editing functionality to 
DatabaseSpy, designed to enable 
users to edit and retrieve content 
in existing database tables, add 
rows to insert new data or delete 
rows through a point-and-click 
paradigm. Changes are not 
applied against production data- 
bases until the user reviews them 
and commits to the change. 

When a calendar RSS feed 
has field values that differ from 
a database input field, data con- 
version is necessary. MapForce 
2008 adds a value map function 
that transforms field values 
from the source to the target, 
said Hale, making it possible, 
for example, to swap numbers 
for the names of the months 
that represent them. 

A database connection wiz- 
ard and Altova's database query 
window were added to Altova's 
StyleVision stylesheet designer. 
New features also make it pos- 
sible to reuse portions of exist- 
ing design files when creating 
new designs. 



Uivhrf ■■■ 'f I apilVr. 









= ^$f=r- 






Bi n ,' ■ a -\ 



/-Six p 




! 

MapForce 2008 can transform field values from the source to the target. 



Altova's flagship XMLSpy 
product now offers extended 
support for Microsoft's Office 
Open XML document file for- 
mats. Users can edit, extract, 
query and transform data that is 
stored in Microsoft Office 
application files. 

There's not much one can do 
with data locked away in propri- 
etary formats, except e-mail it 
around, said Hale. "You can now 
write applications to extract, 



transform and use that data pro- 
grammatically That's huge. 
Once people realize that they 
have data that is somewhat stan- 
dards-based, they can do a lot 
more with it than they have been 
able to do in the past." 

Additionally, XMLSpy now 
allows SQL data editing from 
within its query window. 

Integration is the watchword 
for Altova's 2008 product line. 
The UModel UML modeling 



environment now integrates 
with Eclipse and Microsoft 
Visual Studio, with added sup- 
port for Visual Basic .NET code 
engineering. UModel is syn- 
chronized with the source code 
editors of both IDEs for real 
time visualization of applica- 
tions revisions. 

SCHEMA MANAGEMENT 

Hale noted that SchemaAgent, 
once a value-add to Altova's Mis- 
sionKit suite, is coming into its 
own as a standalone product 
with this release. Originally 
intended to analyze relation- 
ships between XML schemas, 
SchemaAgent now visualizes and 
manages Extensible Stylesheet 
Language Transformations and 
Web Services Description Lan- 
guage file relationships. 

SchemaAgent also includes 
change impact analysis capabil- 
ities. "It's good to know in 
advance if documents would 
become invalid," said Hale. 

Finally, DiffDog 2008 now 
features one-click directory 
merge and binary file compari- 
son, while SemanticWorks 2008 
allows developers to edit 
instances of classes when design- 
ing Semantic Web documents, 
ontologies and vocabularies. I 
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OpenAJAX Alliance Looks 
To Tighten Mashup Security 



BY JEFF FEINMAN 

In the midst of all the activity at 
September's AJAX World in 
Santa Clara, a prominent AJAX 
body was hard at work laying 
out initiatives for secure 
mashups and stronger IDE 
support. 

The OpenAJAX Alliance 
announced OpenAJAX Hub 
version 1.1, a small JavaScript 
library that allows multiple 
AJAX toolkits to work together 
on the same page. The new hub 
will support secure mashups 
and enable client/server mes- 
saging. The alliance expects to 
deliver both a specification and 
a commercial-quality open 
source implementation. 

The key problem with keep- 
ing mashups secure, according 
to David Boloker, CTO of 
emerging technologies at IBM 
and a founder of the alliance, is 
that they come from multiple 
domains. Hub 1.1 is a way to 
secure the mashups that come 



in by isolating them into what 
he called "secure sandboxes." 
The plan is to have mashups 
use OpenAJAX Hub's publish- 
and-subscribe features to 
achieve mediated cross-compo- 
nent messaging. 

Boloker said the OpenAJAX 
Alliance started a discussion of 
mashup security a long time 
ago, and an OpenAJAX task 
force is focused on the subject. 

"There's a blending of ideas 
in the [area] of security and 
how to allow multiple widgets 
on a Web page to communi- 
cate with one another," he said. 
"If you think about it, a 
mashup is someone else's 
JavaScript coming in onto your 
page, and if you do that in a 
pub-sub manner and everyone 
is communicating, you can 
secure the mashup. That's 
where the security task force 
and OpenAJAX Hub 1.1 are 
coming from." 

The alliance has also re- 



leased a new white 



papei 



, titled 



"AJAX and Mashup Security," 
which summarizes the ways in 
which AJAX applications could 
be attacked and provides a set 
of best practice techniques to 
address each of the vulnerabili- 
ty areas. The white paper is 
available at www.openajax.org. 

According to Boloker, the 
alliance is starting to spread its 
wings, and has many activities 
taking place. It has formed the 
Mobile AJAX committee, which 
will focus on both educational 
materials and technical stan- 
dards. There is a workgroup 
concentrating on AJAX IDEs, 
looking to find the best way to 
integrate AJAX components 
with IDEs. 

The OpenAJAX Alliance was 
formed in late 2005, and mem- 
bers include Google, IBM, Las- 
zlo, Microsoft, Mozilla, Novell, 
Oracle and Yahoo. It is focused 
on creating interoperability 
between AJAX frameworks. I 



GPLv3 Slow on the Uptake 

Open source projects aren't flocking to the new license 



BY ALEX HANDY 

Evans Data in late Sep- 
tember released the 
results of a study mea- 
suring the uptake of 
GPLv3 in the open 
source community. The 
survey showed that the 
majority of projects and 
users surveyed haven't 
made the move to 
GPLv3, and that they're 
not likely to do so any- 
time soon. The survey 
showed that only 6 per- 
cent of open source pro- 
jects have made the 
switch, and that 43 per- 
cent of those inter- 
viewed have no plans to 
ever move to the license. 

John Andrews, president 
and CEO of Evans, said that he 
and his team were not sur- 
prised by the results of this sur- 
vey, which contacted almost 
400 open source developers. 
He said that the new restric- 
tions imposed by GPLv3 make 
it difficult for developers to 
commit to a shift, and intro- 
duce new hurdles that could 



What do you think of the new 
restrictions in GPLv3? 
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get in the way of adoption and 
development. 

"GPLv3 is controversial 
because it imposes restrictions 
on what you can do with pro- 
grams implemented under this 
license," said Andrews. "Devel- 
opers are confused and divided 
about those restrictions, with 
fairly equal numbers agreeing 
with the restrictions, disagree- 



ing with them, or think- 
ing they will be unen- 
forceable." 

Palamida, a software 
company that address- 
es licensing issues in 
the enterprise, has 
been tracking GPLv3 
and LGPLv3 move- 
ment since the license 
was finalized in July. 
According to its num- 
bers, about 750 pro- 
jects have moved to 
these two licenses. 
Among those are GNU 
Emacs and numerous 
smaller projects that 
are typically focused on 
the consumer or small 
developer. 
Bernard Golden, author of 
the book "Succeeding with 
Open Source," said that the pri- 
mary reason he expects devel- 
opers aren't adopting GPLv3 
can be explained with a simple 
cliche: "If it's not broke, why fix 
it? For many [open source 
developers,] they feel they're 
getting what they need from 
GPLv2." I 
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, COMPANIES , 



Language distribution and development tool maker ActiveState has 
created the Open Komodo Project, an initiative to create an open 
source platform and support open Web standards. ActiveState has 
open-sourced the browser-side capabilities of Komodo Edit, a free mul- 
tilanguage editor for dynamic languages. The first tool that the project 
is creating on the Open Komodo codebase is a client-side Web devel- 
opment tool that will be integrated with Firefox. 



, NEW PRODUCTS , 



XML 



AgileDelta, a creator of software that aids in the delivery 
of information across enterprise systems, has released 
Efficient XML for Microsoft's .NET Framework. Efficient 
XML for .NET allows Microsoft servers to interoperate with a range of 
Java-powered mobile devices and desktops. The tool implements .NET 
XML interfaces that can be used in .NET applications . . . Intel has 
released a beta version of its C/C++ compiler that supports software 
transactional memory. For threaded programming, this compiler can 
minimize the need for locking processor threads when separate 
processes need to access a single piece of data. The compiler beta can 
be downloaded at developer.intel.com . . . OpenLogic, a provider of 
enterprise open source software tools, has launched the OpenLogic 
Exchange (OLEX), a free Web site where companies can download 
rUCY 1 ^ enterprise open source packages. OLEX provides 



access to more than 300 updated open source soft- 
ware packages, along with tools and information on 
open source licenses and policies to help improve governance of open 
source in the enterprise . . . Data visualization technology provider 
Dundas Software has released Dundas Gauge for SharePoint, a set of 
gauge components designed specifically for Microsoft's SharePoint 
portal technology. The new product has AJAX-enabled gauges and 
data analysis abilities. There is also a new callback manager for exe- 
cuting JavaScript on the client without refreshing the entire page 
. . . Venafi, a provider of systems management for encryption, has 
released the Client Encryption Manager for the Windows Encrypt- 
ing File System. The new tool provides automated configuration and 
management capabilities, and helps companies using Microsoft tech- 
nology protect client data. The tool also offers migration to Windows 
Vista, with a full disk encryption data-protection feature. 

, UPDATES , 

A preview version of Visual Studio Team System Web Access 2008 

is available as a free download on Microsoft's Web site, and can be 
installed with licensed installations of Team Foundation Server. The 
Web interface for TFS can display custom controls on work item forms, 
and offers the ability to queue new builds and add new work items or 
edit existing ones, and the ability to view documents on SharePoint 
portals . . . RIA provider Laszlo Systems has released version 1.2 of 
Laszlo Webtop, its flagship commercial desktop application suite for 
Web 2.0. The update includes Laszlo Mail and Contacts, which offers 
the ability to integrate advertising. Webtop 
can also be complemented with modules like 
news and weather, or productivity applications like VoIP-based calen- 
daring and real-time messaging . . . Project management software 
creator Vertabase has launched its Vertabase 4 platform. Vertabase 
lets users enter information via software applications and then share 
reports and manage projects with third-party apps. New features 
include the use of Microsoft Excel and Google spreadsheets to import 
schedules and tasks and the export of projects to Microsoft Outlook 
and Google Calendar . . . AdventNet has announced the general avail- 
ability of SwisSQL Data Migration Edition 4.9, its tool for moving 
data between flat files and relational databases that now can migrate 
data and schemas to and from PostgreSQL databases . . . CapeClear 
Software, a company that provides an enterprise service bus platform, 
has announced version 7.5 of its ESB platform. CapeClear 7.5 brings 
new Eclipse tooling that automates tasks in SOA application develop- 
ment. A new feature called the SOA Assembly Editor simplifies the 
creation of SOA apps and integrates with REST resources. I 
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Practice Lean Development? 
You Bet You Kan(ban) 

Japanese company applies Toyota 
production techniques to software 



BY DAVID RUBINSTEIN 

What do the manufacture of automobiles 
and the development of software have in 
common? If you're Japanese project man- 
agement tool maker Change Vision, the 
similarity rests in the concept of "kanban." 

Loosely kanban means sign or bill- 
board in Japanese, but it also is the word 
used to describe the "pull" production 
methods developed at Toyota to ensure 
that what is made meets the actual 
demands of customers. Change Vision is 
taking that concept and applying it to 
software, seeking to ensure that the only 
new features added to software are those 
defined by the users of that software. 

"Kanban generates tickets that make 
the work self-directing," explained Ken- 
ji Hiranabe, CEO of Change Vision, who 
was at the mid-September SD Best 
Practices event in Boston to give the first 
showing of his kanban-based Trichord 
agile project-management tool in the 
United States. 

"In the Toyota Production System, no 



process produces output without having 
a real need from a downstream process," 
Hiranabe continued. "This prevents 
making work in progress" or inventory, 
which in the Toyota system is kept to a 
minimum. "In agile [software develop- 
ment], the customer is defining the out- 
put that pulls value from the project 
team. It's not 'analysis-design-code-test' 
then 'customer.' That's backward." 

Conventional methods can leave 
organizations with unwanted code and 
features that are not fully developed — or 
excess inventory. "Our goal is to have no 
inventory," Hiranabe said. 

Using kanban to develop software, 
Hiranabe said, "allows for the creation of 
valuable software. This is akin to lean pro- 
duction. The customer is first." Hiranabe 
is so taken with lean production for soft- 
ware that he has translated Mary and Tom 
Poppendieck's seminal work on the sub- 
ject, "Lean Software Development: An 
Agile Toolkit for Software Development 
Managers," into Japanese. 




.... 



Kanban feature cards are placed into a timeline for completion only after they are 'pulled' 
from end users. 



Trichord is a simple project manage- 
ment tool that utilizes kanban-style 
boards to describe stories, tasks or fea- 
tures, which are then placed into a 
timeline for completion. The tool also 
includes burndown charts and so-called 
"parking lot" charts that give a higher- 
level view of a project's status. In addi- 
tion, the tool works with the open 
source Trac project for issue tracking; 
a symbol will appear in the kanban card 



if the issue originated in Trac. 

One feature that was directly lifted 
from Japanese manufacturing is a 
"niko-niko" calendar, which tracks the 
mood of team members from day to day 
via facial-expression icons and to which 
comments can be posted, such as "I've 
been working for seven solid hours and 
I'm exhausted!" A manager can then 
decide to give that team member a 
break, or a pep talk. I 
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BEA Refreshes Transactional Classic 

Company overhauls extensibility, security in Tuxedo processing monitor 



BY JEFF FEINMAN 

BEA Systems is taking its Tuxe- 
do out of mothballs and tailor- 
ins the venerable transaction- 



oriented middleware with new 
versions of the Tuxedo transac- 
tion processing monitor for 
C/C++ and COBOL applica- 



tions, and its companion Ser- 
vices Architecture Leveraging 
Tuxedo stack. A new end-to-end 
monitoring tool, Tuxedo System 



and Application Monitor 
(TSAM), was expected to debut 
at the same time. According to 
BE As Lorenzo Cremona, direc- 
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tor of Tuxedo product market- 
ing, TSAM gives customers the 
ability to set service-level agree- 
ments based on average 
response and transaction times. 
TSAM is a framework that 
allows customers to manage 
performance-based characteris- 
tics on transactions and mes- 
sages. It can also connect to 
third-party management con- 
soles, such as BMC Perfor- 
mance Manager, HP OpenView 
and IBM Tivoli. 

FOCUS ON SECURITY 

Cremona noted that Tuxedo 
version 10 is focused on securi- 
ty and extensibility. "Security is 
a big concern of our customers 
because things are a bit wacky 
in cyberspace, and there's a real 
need to tighten up security, and 
it seems our customers are of 
the opinion that widely accept- 
ed standards are the best way to 
handle that," Cremona said. 

The Tuxedo update comes 
with connectivity through its 
own WebLogic Java EE app 
server and Secure Socket Layer 
(SSL) support for network 
links. New in this release is sup- 
port for advanced password 
encryption standards. 

Services Architecture Lever- 
aging Tuxedo (SALT) is a native 
Web services stack for Tuxedo. 
The new version lets users 
access Tuxedo services as stan- 
dard Web services, and allows 
Tuxedo applications to call 
external Web services using 
SOAP over HTTP, with a con- 
figuration-driven model. 

Cremona claimed this re- 
lease, expected on Oct. 2, is a 
big opportunity for Tuxedo. 
Since most development today 
is happening on either .NET or 
Java frameworks, he argued, 
application development has 
decreased on C/C + + or 
COBOL frameworks. 

"One of the criticisms we 
were getting three to five years 
ago was that nobody was doing 
anything with Tuxedo. Tuxedo 
was really focused on applica- 
tions written in legacy lan- 
guages, such as C/C + + and 
COBOL. However, the compa- 
ny's shifted gears, and the area 
of focus for Tuxedo is shifting, 
from new applications being 
developed in legacy languages 
to having Tuxedo being a main- 
frame alternative." I 
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Adobe Showcases First Apps From Flex Partners 

Associates demonstrate applications built with AIR platform at MAX conference 



BY DAVID WORTHINGTON 

Microsoft may have taken the 
spotlight first in May, when it 
previewed its Silverlight plat- 
form, but now it's Adobe 
Systems' turn to bask in the 
glow. At its MAX 2007 
conference in Chicago, the 
company unveiled the first 
RIAs built with its cross-plat- 
form Adobe Integrated Run- 
time, also known as Adobe 
AIR, in a bid for developer 
mindshare. 

Adobe took center stage 
with its partners on Oct.l, the 
opening day of the MAX con- 
ference. AOL, Business 
Objects, eBay, Nickelodeon, 
QVC and Salesforce.com are 
some of the companies that 
have already developed work- 
ing AIR applications. 

Adobe also demonstrated 
Buzzword, an online word 
processor that it acquired from 
Virtual Ubiquity, and made 
available a prerelease version 
of its Adobe Media Player 
application; both were built 
with AIR. 

AIR creates applications out 
of Flash, Flex, HTML and 
AJAX. The AIR desktop run- 
time sets it apart from Sil- 
verlight, which runs exclusively 
from the Web. Adobe has also 
launched the Adobe AIR Mar- 
ketplace, a Web site where 
developers can publish and pro- 
mote AIR applications. 

New beta versions of the 
AIR runtime and AIR SDK, as 
well as Adobe Flex Builder 3 
and the Adobe Flex 3 SDK, 
were made available at MAX. 
Adobe could not make a 
spokesperson available to SD 
Times before press time. 

ELIXIR TO ADD VISUALS 

There is no sizable partner 
ecosystem for Adobe's nascent 
Flex 3 platform for now, but 
ILOG might have the "Elixir" 
that Adobe needs to create one. 
ILOG Elixir is a graphical visu- 
alization component library for 
AIR and Flex that Adobe will 
market and distribute. 

Distributed as a beta on 
Oct. 1, Elixir is a collection of 
live-display charting compo- 
nents, which includes 2D, 3D, 
organizational and radar charts; 
scheduling displays; tree maps 
for visual analytics; and world 
maps for dashboards. 



"Microsoft is building an 
ecosystem around its platform. 
A slew of companies have pro- 
vided Microsoft-compatible 



components. Flex is being 
seen as a challenger, compet- 
ing with Silverlight, and 
[Adobe does] not want to be 



the only provider of compo- 
nents," said Ed Kiraly, ILOG's 
product manager for visualiza- 
tion tools. 



According to Kiraly, Elixir 
will be generally available in 
early 2008, when Flex 3 is for- 
mally released. I 
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CollabNet Keeps Track of All Branches 

Subversion 1.5 to have merge-tracking capabilities in November release 



BY JEFF FEINMAN 

Subversion 1.5 is the name, and 
merge tracking is the game. 
The newest update of Collab- 
Net's version-control system, 



slated for a late November 
release, will automatically han- 
dle merge operations and offer 
many-to-many tracking of 
changes to code branches. 



"With all development 
methodologies, whether it's 
agile or waterfall, you typically 
have several branches going on 
in parallel," said Isabelle 



Dumont, senior director of 
product marketing for Collab- 
Net. "At some point, you need 
to merge the work." 

Before version 1.5, Dumont 
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said, Subversion lacked the 
ability to track where different 
code branches merged. She 
explained that this information 
must be kept in many cases to 
comply with industry regula- 
tions, and to provide the ability 
to backtrack and unmerge a 
mistake. Before this release, 
Subversion could facilitate 
merges but would not record 
them in its history information 
and could not automatically 
track changes. 

The new merge-tracking 
capabilities are set up in the 
form of a log, with information 
showing which branch was 
merged with another, by whom, 
and what products were 
merged. Subversion 1.5 can also 
prevent duplicate merges, han- 
dle bidirectional merging, and 
offer manual record-tracking. 

In todays global workplace, 
the ability to track branch 
merges is "absolutely crucial," 
according to Laura DiDio, a 
research fellow with the Yankee 
Group. Any tool that can short- 
en the time-to-market and elim- 
inate guesswork is going to 
make a much more efficient 
application development envi- 
ronment, she noted. 

"Many of these teams don't 
get to sit next to each other or 
get that crucial face time all the 
time, so how do they do things?" 
DiDio said. "If they make 
changes, and they're not tracked 
or updated, confusion can 
ensue. Maybe they're incompat- 
ible with one another, and they 
cause a bug; maybe the work is 
duplicated — you could basically 
induce errors. You want people 
to be on the same page." 

DiDio also pointed out that 
having these features is key for 
CollabNet in keeping up with 
competition, as products such as 
Borland StarTeam, IBM Ratio- 
nal ClearCase and Perforce 
already provide merge tracking. 

"Customers are demanding 
more efficiency, more flexibility 
in the application, more func- 
tionality in the application," 
DiDio said. "If you're going to 
get those applications to market 
and keep up with the competi- 
tion, you've got to make sure 
they work right the first time." 

The new features are the 
result of collaboration between 
the Subversion user community 
and CollabNet, with the compa- 
ny gathering enterprise require- 
ments and organizing a February 
2006 workshop where customers 
and the Subversion development 
team laid the ground rules for 
merge-tracking capabilities. I 
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Solaris Express Shines on Developers 

New release targets laptops, developer desktops for easier installation 



BY ALEX HANDY 

The future of Solaris is in the 
hands of developers and systems 
administrators, Sun Microsys- 
tems believes. 

In support of this philosophy 
Sun on Sept. 24 released Solaris 
Express Developer Edition 
9/07, a binary distribution of its 
flagship operating system that 
includes all of the tools, drivers 
and applications needed to build 
and deploy Solaris-based apps 
quickly. 

This version includes a re- 
designed installer that does away 
with the confusing configuration 
and management tasks previous- 
ly needed to install Solaris. 

Dan Roberts, director of 
marketing for Solaris and 
OpenSolaris, explained that this 
is the third edition of Sun's 
developer-focused distribution 
of Solaris. Much of the work 
accomplished in this year's 
releases has been focused on 
refining the overall user experi- 
ence. The first release of 2007 
simplified the Solaris installer, 
and this third edition retired it 
altogether. In its place is a new 
graphical installer that walks 
the user through the process of 
setting up a desktop or laptop 
as a working environment. 

Although Sun's Project Indi- 
ana, headed up by Debian 
founder and Sun chief operat- 
ing system platform strategist 
Ian Murdock, has laid out plans 
for a new packaging system for 
the operating system, the new 
installer wasn't part of Mur- 
dock's effort to rebuild Solaris 
in the image of Linux. 

Also new to this version is 
D-Light, a GUI front end for 
DTrace. Additional drivers and 
new energy management capa- 
bilities also make Solaris Ex- 
press Developer Edition 9/07 
more amenable to installation 
on laptops. This is a key feature 
for Roberts, who admitted that 
Solaris had fallen off of the 
radar of most developers. 

Roberts cited the demise of 
the developer- specific worksta- 
tion, and noted, "Because the 
notion of multiple workstations 
or task-specific workstations 
was reduced and everyone end- 
ed up with a general-purpose 
machine, folks' awareness of 
other operating systems started 
to be reduced. This is exactly 
the impetus for Project Indi- 
ana. Developers and students 



reach for the things that are 
accessible to them. As students, 
they often share one thing 
across the globe, which is that 
they're poor. This led to a lot of 



activity in the Linux space." 

Sun has been adopting many 
of the practices used by Linux 
distributions to increase uptake. 
One of these is Sun's commit- 



ment to sending out free installa- 
tion CDs to developers who sign 
up on its Web site — a tactic orig- 
inally pioneered by Ubuntu Lin- 
ux — in addition to making the 



disc images available for down- 
load. Sun is also offering a variety 
of support pricing options with 
the aim of increasing developer 
confidence in Solaris. I 
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Back Doors Mean Wide-Open Danger 

Finding them before they are compiled into applications can save time and money 



BY ALEX HANDY 

SAN FRANCISCO — Keep 
your friends close and your 
hackers closer. Right now, as you 
read this, it's entirely possible 
that one of your company's pro- 
grammers is writing exploitable 
code into a front-line applica- 
tion. The practice is not uncom- 
mon, and both the open source 
world and internal corporate 
teams are constantly placed at 
risk by rogue coders. But finding 
back doors isn't impossible; tests 
can detect such code before it 
can harm deployed software. 

Chris Wysopal, CTO and co- 
founder of Veracode, gave a 
speech at the IT Security World 
Conference and Expo here in 
mid- September, and in it he 
detailed the numerous methods 
and reasons for writing back 
doors. While the methods are 



diverse and their implementa- 
tion specific, he explained that 
the reasons tend to be less omi- 
nous: Most hackers who write 
back doors do so simply be- 
cause they can. 

Sometimes, hidden back 
doors can amount to a signature 
from a programmer: They're 
something the coder simply does 
with all of his or her applications. 
For the same reason some pro- 
grammers hoard old manuals 
and software, others may add 
back doors into applications sim- 
ply for the sake of knowing they 
still control their projects, long 
after they're complete. 

And still other back doors 
are explicitly used for targeted 
attacks. 

Wysopal showed numerous 
examples of back doors found in 
the wild during his talk. The tac- 



tics used in these examples, he 
noted, can be used to help 
development teams track down 
such exploits during code audits. 

SCREENING FOR DOORS 

The first and easiest way to 
find back doors, said Wysopal, 
is using static analysis. 
Dynamic analysis requires the 
actual backdoor code to be in 
use during analysis, which 
according to him is quite rare. 
"You can scan programs for all 
hashing routines, such as cryp- 
to. Go back in the data flow 
and see what's going into the 
data routines. If there's any 
static values going in, that's a 
flag," Wysopal explained, 
adding that this type of activi- 
ty is indicative of a back door 
that includes hidden login 
names and passwords. 



BREAKING AND ENTERING 



Here are some examples of backdoor code in- 
cluded in applications that Veracode CTO and co- 
founder Chris Wysopal gave during his speech at 
the IT Security World Conference and Expo: 

WordPress (PHP) 

This spring, a hacker broke into the WordPress 
servers and inserted a back door into the popu- 
lar blogging software's source code. This PHP 
code allowed an external attacker to embed com- 
mands and gueries into a URL that would be 
parsed and acted upon by the server. These com- 
mands could range from basic PHP functions to 
actual command-line execution within the oper- 
ating system. Depending on the permissions giv- 
en to PHP by the host operating system, such a 
hole could result in root access. 

OpenSSH (C) 

In 2002, a hacker compromised the source code 
of OpenSSH, but only the HP-UX flavors. The 
hack was done with obfuscated C; a long data set 



that looked like an encryption seed was inserted 
into the code. A nearby line would decrypt this 
code at compile time, resulting in the exploit 
code being online. 

Linux Kernel (C) 

In 2003, a hacker broke into the Linux kernel 
repositories and inserted code that modified the 
sys_wait4() function in kernel/exit.c to allow 
local privilege escalations. The second line of this 
code is missing a second "=" and due to its 
absence, a routine that would normally have 
checked the user ID instead changes the user ID 
to 0. Thus, any user who knew of this hole could 
escalate their user account to root by sending 
the proper calls to the kernel. This particular 
back door was extremely small and guite sneaky. 
Its entirety follows below: 



T Oprion* — __nCI 0Nri__nAl I 

currcnM-uid - n 
rcrvdl - -riN'-'Al ; 



fcfc 



Other back doors could sim- 
ply hide functionality, such as 
secret paths to privileged esca- 
lation, or the inclusion of secret 
windows into databases. De- 
tecting this sort of exploit can 
be trickier, since the code creat- 
ing this back door will often 
appear functional and innocu- 
ous. Such attacks are common 
in open source Web applica- 
tions. One such attack against 
the popular blogging engine 
WordPress consisted of only a 
few lines of PHP, but it gave a 
malicious user the ability to 
push through commands to the 
server. 

Other PHP-based back 
doors are obfuscated, such as 
one found in the Artmedic con- 
tent management system earli- 
er this year. This exploit was 
pasted into the source code in 
base64 notation. Underneath 
this snippet of code was a sim- 
ple command that changed the 
base64 expression into standard 
PHP at runtime. 

"Look at all the different 
built-in decoding algorithms 
that a framework might have, 
and see if it's ever decoding and 
sending it into 'eval,'" said 
Wysopal, explaining how to 
catch this type of back door. 

The worst possible scenario 
for development managers, 
however, can be found when a 
truly talented hacker decides to 
build a small exploit. This hap- 
pened in 2003 when a hacker 
broke into the Linux kernel 
repositories and modified code 
on the disk. The exploit itself 
was found because of server 
issues, a lucky dodge for the Lin- 
ux world. But the code used was 
so small and sneaky, it might not 
have been detected at all. 




Most hackers who write back 
doors do so just because they 
can, says Veracode's Wysopal. 

Wysopal stated that code 
audits are a good way to find 
back doors, but he also said 
that automated activities could 
help as well. He cited one 
example where a backdoor rou- 
tine was actually titled "back- 
door." Although few rogue 
coders might be that arrogant, 
simply grepping the source 
base for "backdoor" could be a 
useful test before building an 
application. 

One new tactic Wysopal said 
that he's seen in the financial 
industry is for coders to build 
unreachable code into one 
build of an application, and 
then add the final touches later 
on in development. "Someone 
would insert the backdoor 
code, but nothing would call 
that code. It would sometimes 
slip through an audit. When the 
code is updated, the second 
part is added. It's like disassem- 
bling the gun so you can get it 
through the X-ray machine," 
said Wysopal. I 
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Fit Enough for Agile? 

New Exigen package to score readiness 



BY JENNIFER DEJONG 

Is your team ready to go agile? Profes- 
sional services provider Exigen wants to 
help answer that question. 

The company was expected to 
announce earlier this month the Agile 
Assessment Package, essentially a set of 
scorecards, questionnaires and other 
resources designed to determine a 
team's state of readiness for adopting 
agile development methods. 

Aimed at development teams that 
still use the sequential, waterfall 
approach to development, the offering, 
which costs about US$20,000 for a two- 
week engagement, follows the compa- 
ny's late September announcement of its 
agile consulting practice, said Exigen 
senior vice president Doug Mow. Exigen 
provides outsourced application devel- 
opment services, including those based 
on the agile approach, but the assess- 
ment package is its first official agile 
offering. David Webb, formerly of Intel, 
has been hired to head the new practice. 

The package helps development 
managers answer questions such as 



whether team members assigned to a 
given project are well suited to pair pro- 
gramming. "Some folks are not cultural- 
ly disposed to doing that, so sometimes 
we advise it, and sometimes we do not," 
Mow said, of the well-known practice 
from Extreme Programming, where 
developers work in tandem. 

Other issues addressed include who's 
on the team and what role each member 
should play, how often team members talk 
to each other, and whether team mem- 
bers who represent the business side of 
the house share the same understanding 
of the project as those who work for IT. 

Another aspect of the package is a 
rating system. Earlier projects are ana- 
lyzed to assess, for example, whether the 
specified requirements aligned with 
business objectives, Mow said. "You 
might find that the existing business 
requirements for a given project are 
excessively technical." That would result 
in a lower score, whereas those tied to 
business goals, such as improving cus- 
tomer service or boosting sales, would 
earn better marks. I 



AccuRev Takes on Dependencies 



BY JEFF FEINMAN 

Software configuration management 
provider AccuRev has updated its name- 
sake tool set with new visualization and 
workflow features. AccuRev 4.6, 
released at SD Best Practices in Boston 
in mid-September, allows the tracking of 
issue dependencies between code 
changes, managed as AccuRev change 
packages. Developers working remotely 
can view these dependencies. 

Also in AccuRev 4.6 is the Version- 
Slider, which enables a developer to see 
how source code files have changed, in a 
graphical display. AccuRev officials 
claim that the Versions lider removes the 



need to annotate operations on previous 
versions of files, and makes code reviews 
quicker. "If I'm an India-based develop- 
er and I need to have my code reviewed 
out of London, a developer in London 
can drag the slider and see what has 
changed for me," said Cliff Utstein, vice 
president of sales and marketing for 
AccuRev. "I can work collaboratively 
with that developer in London to move 
very quickly, and get this done in a range 
of two to six weeks." 

AccuRev 4.6 also offers what it calls 
more flexible symbolic links, to help 
engineers manage complex code and 
project dependencies. I 
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EclipseWorld 2007 Heads Toward U.S. Capital 



BY ALEX HANDY 

For nearly half of enterprise 
developers, it's Eclipses world; 
we're all just living in it. For 
those who hope to learn more 
about the newest developments 
with the framework, Eclipse- 
World 2007 in Reston, Va., will 
provide insight into what's pos- 
sible with Eclipse 3.3 and other 
members of the "Europa" 
release train. 

Starting on Tuesday, Nov. 6, 
EclipseWorld, produced by BZ 
Media, publisher of SD Times, 
will offer three days of training, 
education and brainstorming 
around Eclipse and its uses. 
Many of the show's discussions 
and presentations will focus on 
Europa's new features. 

Of the dozens of talks sched- 
uled, many offer glimpses into 
new methods of working, or 
describe ways to begin using 
Eclipse. For example, on Wed- 
nesday, Nov. 7, Dwight Deugo, 
author and creator of the Eclipse 
Community Education Project, 
will describe methods of using 
the Eclipse Rich Client Platform 
in enterprise projects. His class, 
"First Steps for Building and 
Deploying Eclipse RCP Applica- 
tions," explains how to get start- 
ed with this powerful tool for 
developing, deploying and even 
internationalizing rich clients. 

On Tuesday, EclipseWorld 
offers full-day tutorials geared 
toward introducing Eclipse fea- 
tures to the masses. That day, 
Deugo kicks things off with a 
crash course in Eclipse for Java 




CONFERENCE: Nov. 6-8 

Hyatt Regency Reston, Reston, Va. 

FULL-DAY TUTORIALS: 
Tuesday, 9:00 am-5:00 pm 

TECHNICAL CLASSES: 
Wednesday, 9:15 am-4:30 pm 
Thursday, 8:30 am-5:15 pm 

EXHIBIT HOURS: 
Wednesday, 2:30 pm-7:30 pm 
Thursday, 12:30 pm-4:00 pm 

HANDS-ON TOOL SHOWCASE: 
Tuesday, 8:00 pm-10:00 pm 

'TOTAL ECLIPSE' PANEL: 
Tuesday, 5:00 pm-6:00 pm, Mike 
Milinkovich, Robert Martin, David 
Intersimone; chaired by Alan Zeichick 

KEYNOTES: 

Wednesday, 8:30 am-9:15 am, 

Robert Martin 

Wednesday, 4:45 pm-5:30 pm, 

David Intersimone 

www.eclipseworld.net 



developers, specifically designed 
to ramp up new users for the 
following two days' events. 
Other tutorials on Tuesday 
include a Ruby-on- Rails intro- 
duction, a class on test-driven 
development, and another that 



describes continuous integration 
with the Eclipse Test & Perfor- 
mance Tools Platform. 

The conference proper kicks 
off on Wednesday with Robert 
Martins keynote. CEO, founder 
and president of Object Mentor, 



he will be discussing the ways 
Eclipse can help to ease devel- 
opment woes throughout an 
organization. He will also sit on 
a "Total Eclipse" panel discus- 
sion on Tuesday evening, with 
David Intersimone, CodeGear s 



developer evangelist, and Mike 
Milinkovich, director of the 
Eclipse Foundation. The panel 
will be led by Alan Zeichick, 
conference chair for Eclipse- 
World 2007, and editorial direc- 
tor of SD Times. I 
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WPF CONTROLS 
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WPF Controls Never Looked Better 




VantagePfrlni WPf Centrals In Aurora 

VantagePaint WPF Controls i* a suite of highly- 
customizable controls designed for Displaying and 
monitofing key performance indicators in graphica-lly 
Intense a pplkitiGrts ■ f ram industrial conlrok and 
manufacturing software to medical and Financial 
systems. Using Mkroj-oft r MET 3-D a jf he platform. 
Vantage Point n written entirely in WPf and can 
participate in date binding and sryN'ng. 

The components are compatible with i he Aurora 
XAML Designer by Mohiform and Visual Studio and 
Expression Blend by Microsoft. 

Mix the simplicity *f Vantage Point with the power of WPF 
and you" II find creating intuitive screens haf never been easier! 
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AcuBench is Acucorp's visual IDE for creating COBOL programs. 

It's Business As 
Usual at Acucorp 

Extend 8 builds on company's existing 
COBOL modernization platform 



BY DAVID WORTHINGTON 

Micro Focus has a message for its Acu- 
corp customers: It's business as usual. 
At least until 2009, when the company 
expects to begin integrating its overlap- 
ping modernization solutions. 

Acucorp product manager Robert 
Cavanagh explained that the existing 
schedule of service releases and 
promised feature set would remain in 
place, and that any changes to the road 
map will be publicized. 

Acucorp last month shipped the lat- 
est version of the Extend interoperabili- 
ty suite, the first product release since 
the May acquisition by Micro Focus. 
Extend 8 adds the AcuXUI display 
engine and enhancements to the 
AcuXDBC database management sys- 
tem; this release adds support for x64 
versions of Windows. 

AcuXUI provides a Java-based display 
engine for Acucorp's ACUCOBOL-GT 
graphical technology. Interfaces created 
with AcuXUI are portable to any JRE 
platform, claims the company. "Cus- 
tomers can evolve applications," 
Cavanagh remarked, instead of starting 
from scratch. 

Enhancements in the AcuXDBC 
update apply relational database and 
SQL concepts to COBOL index files. 
AcuXDBC now allows JDBC and 
ODBC applications to access Acucorp's 
proprietary Vision file system through 
SQL statements. "It adds database-like 
functionality to an index file," said 
Cavanagh. 

Performance was another major 
emphasis of the new release, claims 



Micro Focus. Extend 8 produces inter- 
mediate code compiled from COBOL 
that is interpreted by the Extend run- 
time; its performance increases when 
there are fewer instructions required for 
the runtime to execute the code. A new 
binary math package improves perfor- 
mance of arithmetical computing, said 
Cavanagh. 

The product's sort performance also 
received a shot of adrenaline. Faster 
sorting accelerates COBOL batch appli- 
cations, where sorting has traditionally 
had the biggest impact on performance, 
Cavanagh added. 

What's more, AcuBench has re- 
ceived a new WYSIWYG interface that 
generates complete COBOL programs. 
A new preprocessing utility, called 
Boomerang, accesses remote pre- 
processors. 

HANDLING OVERLAP 

The next major release is slated for 
2009. Because both Acucorp and Micro 
Focus have ASCII-compliant compilers 
and runtimes, there is a lot of overlap 
between the company's software assets, 
Cavanagh said. Instead of going for- 
ward with two separate sets of technol- 
ogy, Micro Focus will be updated to 
handle all of the proprietary extensions 
developed by Acucorp and will reuse 
existing runtime code wherever possi- 
ble, he explained. 

"The end goal is a transition release 
for Acucorp customers that provides 
Micro Focus customers with new tech- 
nology that is very valuable," Cavanagh 
added. I 
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Startup Zafesoft Protects 
Code Behind the Scenes 



BY DAVID RUBINSTEIN 

Sandeep Tiwari doesn't believe peoples 
freedoms have to be compromised in 
the name of security. 

Tiwari is CEO of Zafesoft, a startup 
focused on source code protection, and 
according to him, unstructured data 
such as source code can and must be 
secured without a complex system. 
"Security should run in the background, 
without an interface or a log-in," he said, 
"or else people just won't use it. It 
becomes too invasive." 

Source code files are routinely 
copied, e-mailed, pasted and printed, 
Tiwari said, because developers inside 
and outside of a business need access. 
Securing unstructured data so the digital 
file cannot be compromised, and so the 
company can maintain its credibility and 
any competitive edge it derives from the 
intellectual property, is the challenge. 

Tiwari claimed that Zafesoft's name- 
sake product protects the content, in con- 
trast to digital rights management sys- 
tems that protect the envelope but not its 
contents. Content monitoring and filter- 
ing systems can be beaten, he argued. 
That's because "CMF is a fingerprinting 
system. If I really want to take the file 
out, and not let the CMF system know, I 
can replace all the as with two z's, and 
[change] all the e's to two exclamation 
points, so now the CMF system doesn't 
know the file — none of the fingerprints 
match — and it lets the file be moved," 



Tiwari explained. CMF systems, he 
claimed, are good for accidental loss pre- 
vention, where someone might not real- 
ize they don't have access to a file, but "if 
someone has intent to be malicious, 
[CMF] can't really stop it." 

The Zafesoft solution consists of the 
Z Central Server, which the company 
hosts and uses to track "zafe'd" files any- 
where they reside, and a Z Opener client 
that enables access to files in the system 
and performs encryption, Tiwari said. 
Companies can also use the Z Corporate 
Server, which works inside the firewall 
to watch every file in the system. 

Zafesoft "keeps track of who opened 
the file, and what he did with it," Tiwari 
explained, noting that files are encrypt- 
ed and decrypted on the fly, and if some- 
one without access tries to open a file, an 
alert is forwarded from the server. Tiwari 
said Zafesoft licenses a third-party tool to 
perform the encryption functions. 

A company employee with access rights 
can copy files, e-mail them to outside par- 
ties, or download them and work on them 
at home. However, the instant that person 
is no longer trusted, all his rights to the sys- 
tem can be removed, and those files 
become inaccessible to that person, with- 
out affecting the rest of the team. 

The early release of Zafesoft, which 
came out in mid-September, can be 
used to secure Windows source code. 
The next release, which was due out ear- 
lier this month, will work with Linux. I 



TIBCO MDM Follows the Process 



BY DAVID WORTHINGTON 

Applications in a service-oriented archi- 
tecture (SOA) need consistent data. If 
there is no data integrity, and duplicate 
records are the rule of the day, applica- 
tions that cut across multiple transac- 
tions cannot function or be reused with 
confidence. 

TIBCO Software developed Collabo- 
rative Information Manager (CIS) to 
make consistency possible. CIS 7.0, 
which became generally available last 
month, includes enhancements that per- 
mit multidomain data management and 
distributed caching, aimed at improving 
performance. 

Multidomain management, or 
MDM, builds and maintains relation- 
ships through the application of attribut- 
es and rules across data domains. 
TIBCO has included Web services that 
access and modify information over 
business domains, and data importation 
facilities to retrieve hierarchical data 
across related catalogs. 

Distributed caching stores large vol- 
umes of data asynchronously and places 
records in memory for quicker importa- 



tion of large datasets, and CIS 7.0 has 
faster processing of rules and workflow 
steps, explained Neeraj Gokhale, 
TIBCO's general manager of enterprise 
information management. 

Enterprises have difficulty keeping 
data consistent because of unused or 
inconsistent processes, Gokhale re- 
marked. In contrast, he said, TIBCO 
takes an application-centric approach 
to MDM where the life cycle of 
information creation and consumption 
is automated and defined in the appli- 
cation. 

The CIS master database harmo- 
nizes master data and synchronizes it to 
all downstream systems needing it, 
aligning all business intelligence and 
SOA components, Gokhale explained. 

TIBCO has also improved user inter- 
faces for business users to import and 
export metadata, and has added role- 
based delegation as well as context-free 
search capabilities for more visibility 
across attributes and catalogs. "Business 
users are the rightful owners and con- 
sumers of information and should be a 
part of governance," said Gokhale. I 
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DevSpec provides automatic requirements versioning with its integrated framework. 

TechExcel Enters Requirements 
Management Market Head On 



BY JEFF FEINMAN 

TechExcel added requirements manage- 
ment to its arsenal at its 2007 Worldwide 
Users Conference and Training Summit 
in San Francisco, held last month. 

The company introduced DevSpec, 
an integrated requirements management 
framework designed to provide visibility 
and traceability in project requirements. 
DevSpec allows developers to create new 
requirements and specifications that can 
be linked to development and testing 
implementation projects. 

DevSpec provides automatic require- 
ment versioning that triggers whenever 
specified changes are made, and uses a 
central data repository — running on 
either Microsoft SQL Server or Oracle 
Database — for requirements and specifi- 
cations. 

DevSpec groups requirements into 
specifications, which can then be manip- 
ulated. Developers can prioritize re- 
quirements and be informed when any 
of the requirements are modified. 

"The requirements can change, but 
that may or may not mean the specifica- 
tion changes," explained Paul Unterberg, 
senior product manager of TechExcel. 
"It's really up to the owners of the down- 
stream development path and QA testing 
plan to look and see what this change 
means to them." 

When asked what DevSpec will offer 
to customers that other tools won't, 
Unterberg pointed out its integration 
capabilities with all other tools in TechEx- 
cel's suite. For example, DevSpec's re- 
quirements management capabilities can 
work with TechExcel's project plan, devel- 
opment tracking or development testing 
tools. He also said DevSpec brings scala- 
bility. "If your teams are distributed, then 
the Web service nature of DevSpec helps 
them to focus on certain areas of work." 

Alex Gaber, director of business 



development for TechExcel, said that 
DevSpec would compete in the require- 
ments management space with the likes 
of Telelogic Doors and IBM Rational 
RequisitePro. 

TechExcel kept the ball rolling at its 
user conference, and introduced two oth- 
er products along with DevSpec. One of 
those products is Knowledge Wise, a 
repository for intellectual assets. 

Knowledge Wise links ideas and cus- 
tomer feedback to specific areas of a 
development project. Documents can 
be shared with all parties involved in the 
execution. The .NET-based tool can be 
integrated with all TechExcel products, 
including DevSpec, DevPlan and Ser- 
viceWise, and can use a variety of data- 
base back ends, including those from 
Microsoft, MySQL and Oracle. 

"From a product management stand- 
point, if I wanted to see what the top 
requested features of my product are, I 
can load Knowledge Wise, and based on 
those attributes that each document has, I 
can see the top requests," Unterberg said. 

Another addition to TechExcel's 
product base is SpecDD, an agile devel- 
opment tool that starts with the premise 
that designs and requirements must be 
agile, but within a structured develop- 
ment process. Unterberg called it a 
"high-level framework that develops 
software, and measures designs around 
that development." 

Unterberg said that, with these new 
products, TechExcel is trying to help busi- 
nesses represent their ideal working 
processes in a way that's easy to imple- 
ment. "Those processes can be modeled 
and enforced within our software, but 
they don't get in the way of people using 
the software. Our interface allows them to 
use those tools in a process-enforced way, 
and get meaningful data from that tool 
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Oracle Boosts BPM With S0A Tools 



BY JEFF FEINMAN 

Oracle in mid- September 
released an enhanced version of 
Oracle Business Process Analy- 
sis Suite. Company officials said 
that with the latest release of 
the suite, Oracle continues to 



enhance its portfolio of BPM 
capabilities. 

The company called this 
release a major step forward in 
Oracles delivery of a compre- 
hensive BPM offering, consist- 
ing of the business process analy- 



sis suite and Oracle SOA Suite, 
as it offers a unique way of inte- 
grating the two suites. Thomas 
Gronbach, product director for 
Oracle Fusion Middleware, said 
that Oracle integrates its busi- 
ness process analysis tool with 



Oracle SOA Suite based on 
joined metadata. Changes facili- 
tated in the technical model 
through Oracle SOA Suite are 
then available to the BPA suite as 
both models operate on the 
same metadata description. 
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"As a result, conceptual and 
technical models are constantly 
synchronized, allowing business 
and IT up-to-date insight into 
their joint process develop- 
ment, preventing a strategy-to- 
execution gap — a real innova- 
tion compared to previous 
business process management 
paradigms," Gronbach said. 

The updated edition sup- 
ports the latest versions of the 
BPMN (Business Process Mod- 
eling Notation) and BPEL 
(Business Process Execution 
Language) specifications. The 
suite integrates business process 
analysis with execution and 
monitoring tools, and offers cus- 
tomers closed-loop engineering 
and bidirectional synchroniza- 
tion capabilities. Execution tools 
such as the Oracle SOA Suite 
support the implementation or 
execution stage of the business 
process life cycle. 

Both suites support the 
Process Blueprint format, Ora- 
cle's underlying common model 
format. I 

Nexaweb 
Gets Visual 

BY JEFF FEINMAN 

Nexaweb is keeping an eye on 
its visual development environ- 
ment for building rich Internet 
applications. 

Nexaweb on Sept. 24 
released an update to its Enter- 
prise Web 2.0 Suite, which 
builds AJAX-, Flash- or Java- 
based RIAs. The new version of 
the suite allows a user to incor- 
porate and reuse third-party 
components. Bob Buffone, chief 
architect of Nexaweb, explained 
that the suite now offers what 
resembles a SOA feature set, as 
it has the ability to operate with- 
in an organizations governance 
infrastructure and create con- 
tracts between services, impor- 
tant features when building 
enterprise applications. 

A main enhancement to the 
tool is the visual development 
environment that builds appli- 
cations with drag-and-drop 
ease of use. "Having a better 
visual development environ- 
ment really reduces the cost 
and time it takes to build appli- 
cations," Buffone said. "The 
meat and potatoes of applica- 
tion building is laying it all out 
and having [applications] look 
correct." I 
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ER/Studio Now Defines XML Schemas 



BY P.J. CONNOLLY 

Governance and SOA imple- 
mentation are two of the rea- 
sons Embarcadero Technolo- 
gies updated its ER/Studio 
data-modeling tool with support 
for XML schema generation. 



ER/Studio 7.5, released in 
mid-September, also adds tools 
for working with metadata from 
models, and a reworked conver- 
sion utility aimed at improving 
the quality of imported metadata. 

The new XML schema gen- 



eration wizard allows the use of 
logical or physical models, as 
well as submodels. Developers 
can drag and drop elements 
from the database design into 
the new schema, and the wizard 
can transform relational entities 



and their attributes, while 
defining naming standards and 
datatype mapping. 

Adherence to naming stan- 
dards is critical in data model- 
ing, and a new utility in ER/Stu- 
dio 7.5 attempts to address the 
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problems users encounter by 
providing templates for naming 
standards that allow the use of 
different naming conventions 
for logical and physical models. 
The company also backfitted 
these features into ER/Studio s 
wizards for physical model gen- 
eration, reverse engineering 
and XSD (XML Schema Defin- 
ition) generation. 

The overhaul of the 
MetaWizard utility was aimed 
at improving the conversion 
experience when importing 
metadata from CA ERwin, 
Sybase PowerDesigner and 
similar tools. ER/Studio 7.5 also 
includes updates to denormal- 
ization, dimensional modeling 
and reporting features, as well 
as tweaks to behavior with vari- 
ous relational database manage- 
ment systems. I 

SOA Developers 
Get Testy 

BY DAVID WORTHINGTON 

Even the most talented devel- 
opers require testing tools, and 
producing a compliant and reli- 
able service-oriented environ- 
ment requires a quality assur- 
ance process. Parasoft has 
augmented its tools to make 
possible a connection between 
the tools of developers and 
those of QA professionals. 

Parasoft SOAtest 5.5, 
released Oct. 2, enables devel- 
opment teams to perform busi- 
ness process testing, load and 
performance testing, policy 
enforcement, scenario tests and 
unit testing. This release adds 
support for the Microsoft .NET 
Framework and Windows 
Communication Foundation. 

SOAtest is multiprotocol and 
provides emulation capabilities 
for testing. It consumes the 
semantic information around 
protocols, making it easy to use, 
claimed Wayne Ariola, vice 
president of strategy at Parasoft. 

A new automation feature, 
so-called intelligent stubs, emu- 
lates the behavior of applications 
within a production system. The 
stubbing capabilities emulate 
clients and servers, and allow 
consumers and producers to test 
from different entry points. 

SOAtest 5.5 integrates with 
Microsoft Visual Studio Team 
System 2005; developers can 
use VSTS to execute, manage 
and share SOAtest projects. I 
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Backbase Bets Big on Broad Browser Support 



BY JEFF FEINMAN 

Backbase last month introduced 
an RIA-focused application 
server, Enterprise AJAX 4, offer- 
ing compliance with a number 
of different browsers and an API 
that lets developers build appli- 
cations in the programming lan- 
guage of their choice. 

It works with C amino, Fire- 
fox, Internet Explorer, Net- 
scape, Opera and Safari 
browsers. According to Michel 
Gerin, vice president of market- 
ing for Backbase, this might be 
the most important feature in 
the release, due to the different 

Mega Modeling 
Maps Grand Plan 

BY JENNIFER DEJONG 

Mega International last month 
updated its enterprise architec- 
ture offering, adding reports 
that identify software compo- 
nents, applications and servers 
according to the business func- 
tions they carry out. 

Instead of simply drafting a 
technical diagram that shows 
which applications are running 
on which servers, the new 
release of Mega Modeling Suite 
uses terminology that is mean- 
ingful to line-of-business pro- 
fessionals, said company vice 
president of solutions Terence 
Lee. For instance, a server with 
the applications and compo- 
nents that run on it might be 
identified by the term "travel 
management," indicating an 
application that lets customers 
plan trips, booking flights, 
hotels and rental cars. 

Mega Modeling Suite, which 
starts at US$3,250 per user, is 
an enterprise architecture tool 
for diagramming components, 
applications, business processes 
and IT infrastructure. It sup- 
ports the Unified Modeling Lan- 
guage, but Lee explained that its 
intended for use as a mapping 
tool, not a development tool, so 
it does not generate code. 

Instead, he noted, "it [cre- 
ates] designs and hands them 
off to software developers." To 
ease that task, Mega Modeling 
integrates with IBM Web- 
Sphere offerings, and with 
Microsoft Visual Studio. A 
future version will also support 
Eclipse, he said. 

Also new to the Modeling 
Suite is support for Web Ser- 
vices Description Language. I 



implementations of JavaScript in 
each browser. 

Enterprise AJAX 4 offers 
JavaScript and XML APIs that 
allow developers to create their 
application in the programming 
language they are most familiar 



with. The Enterprise AJAX archi- 
tecture enables the use of third- 
party components such as Yahoo 
UI components, Dojo Widgets 
and Google Gadgets. 

In addition, the new frame- 
work can integrate with other 



server platforms such as JSF, 
Spring and Struts. This is possi- 
ble because the engine will 
communicate through HTTP 
requests using XML or JSON, 
Gerin said. There is a develop- 
ment plug-in for Eclipse and a 



browser-based debugger. 

Gerin noted that anybody can 
pick up an AJAX widget and add 
it to their Web site, without hav- 
ing to deal with plug-ins. "Their 
philosophy must be if you can't 
beat it, embrace it," he said. I 
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VeriLook SDK 

Facial Identification for PC and Mac 

VeriLook SDK provides tools for developing and integrating a wide 
range of facial identification systems, including: 

• Access control 

• Attendance control 

• Customer relationship 
management 

• PC biometrical logon 

• Identity verification 

VeriLook SDK enables 
the development of 
reliable, cost-effective 

biometrical applications for Microsoft Windows, Linux or Mac OS X 

and provides: 

• Support for most cameras and webcams 

• Simultaneous capture from multiple cameras 

• Multiple face processing from live video streams and still images 

• Identification speed of 100,000 faces per second 

• Programming samples on C/C++, C#, VB 6, VB .NET and Delphi 7 

• Unlimited free technical support for developers 

The SDK includes the VeriLook face identification algorithm, 
camera management software, samples and documentation. 
Compatibility with VeriFinger SDK enables the development of 
multi-biometric applications. 
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Oink Roots Out Bugs 
Via Data Flow Analysis 



BY ALEX HANDY 

Its 5:00 am. Do you know where your 
variables are? 

For all developers, keeping track of 
information as it flows into and out of 
logic routines can be like juggling chain- 
saws. To help keep bad data from cor- 
rupting good programs, the open source 
project Oink and its related software 
have been tracking down issues using 
data flow analysis since 2003. 

Now, the team behind Oink is trum- 
peting a host of format 
string bugs they've found 
in the Debian Linux distri- 
bution. It's all in the name 
of evangelizing Oink as an 
easier way to find holes 
before they are big 
enough for elephants to 
climb through. 

Scott McPeak is a 
senior architect at Coveri- 
ty, and in 2003 he began 
work on a C++ parser that 
would eventually become 
the front end for Oink. 
Elsa, as he dubbed his 
project, takes source code and maps it 
all out into an abstract syntax tree (AST) 
that can be followed to see just how data 
is moving through a program. "The Oink 
layer on top walks over the AST, and 
when one thing is assigned to another, it 
calls out to an analysis that links these 
up. [It examines the] whole program's 
data flow," said McPeak. 

Oink requires a back end to do the 
actual analysis. Usually, this back end 
is CQual++, a type-based analysis tool. 
CQual++ allows developers to find any 
type of bug that can be discovered using 




Scott McPeak's Elsa C++ parser 
became the front end for Oink. 



static time polymorphic data flow. 

Daniel Wilkerson, another of Oink's 
three primary caretakers, and Karl Chen, 
a graduate student researcher at the 
University of California, Berkeley and a 
day-to-day maintainer of the Oink pro- 
ject, have been using their tool to find 
format string vulnerabilities in open 
source projects. One of the largest such 
troves of vulnerabilities they've found 
has been the more than 1,000 such 
errors uncovered in the Debian Linux 
distribution. Simply scan- 
ning the C + + packages 
contained in Debian yield- 
ed between 400 and 500 
potential security vulnera- 
bilities, according to Chen. 
Writing a custom analy- 
sis for data flows is Oink's 
killer application, claimed 
Wilkerson. While CQual++ 
finds many common data 
flow errors, Oink provides 
facilities for developers to 
write their own analysis. 
For some projects, analy- 
sis must be tailored for 
strange and unique engineering prac- 
tices. One place where this type of 
analysis can help is when one language 
points to a function in another. In this 
case, said Wilkerson, Oink can help to 
keep garbage collection from getting out 
of hand, by finding dangling pointers 
that aren't cleared out of memory. 

Chen believes that Oink should be an 
integral part of a nightly build process. 
Wilkerson agreed, comparing bug fixing 
to Whack-a-Mole: For every six bugs 
one finds, six more will spring up after 
nightly check-ins. I 



COMPONENTONE OPENS SILVERLIGHT GALLERY 



BY DAVID WORTHINGTON 

Microsoft's Silverlight 1.1 may be at the 
alpha release stage, but software compa- 
nies are already writing controls that tar- 
get it. Most of them are talking Silver, 
but ComponentOne is casting light on 
Sapphire. 

Sapphire is the code name for Compo- 
nentOne's upcoming control suite for Sil- 
verlight, scheduled for release in con- 
junction with the Silverlight 1.1 runtime, 
and it is currently being previewed at the 
company's CI Labs Web site. Sapphire's 
controls were designed to help developers 
create interactive, high-fidelity user inter- 
face applications for the Web. 

ComponentOne's Sapphire Web site 
features a gallery of buttons, containers, 
date/time, lists, slides, text, video and 
other miscellaneous controls. As Micro- 
soft adds functionality to Silverlight, 
ComponentOne will add paralleling 



controls to Sapphire. 

The Sapphire release leverages Com- 
ponentOne's existing Windows Presenta- 
tion Foundation component technology. 
Its controls will take advantage of the 
design features found in Microsoft's 
Expression Studio suite for animation, 
graphics and skinning. However, Sapphire 
currently lacks support for control/ele- 
ment styling, control sets, data binding, 
and the full feature set of Microsoft's 
Expression Blend interface designer. 

"The Silverlight platform has really 
opened up a whole new world of inter- 
activity that will dramatically improve 
the user experience and at the same 
time enable application developers and 
designers to create some very com- 
pelling cross-platform, Web-based solu- 
tions," Todd Schick, director of business 
development at ComponentOne, said in 
a prepared statement. I 
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Lawsuit Over GPL 
Starts Monsoon 



< continued from page 1 

infringing, because if they get caught 
they can just comply," said Ravicher. 

Bernard Golden, author of the book 
"Succeeding With Open Source," said 
that the avoidance of trial might disap- 
point some in the open source commu- 
nity. "The biggest issue is that there isn't 
any case law about these decisions. I 
don't know that it is going to give every- 
one what they were hoping for, which is 
a final legal reaction to the license," said 
Golden. 

LICENSE OR CONTRACT? 

James Grimmelmann, associate profes- 
sor at the New York Law School, doesn't 
believe the GPLv2's validity is keeping 
people up at night. "It's not as though 
people working with the GPL act as 
though it's in serious doubt," said Grim- 
melmann. But he did point out that 
there is one issue surrounding the GPL 
that courts could yet resolve: Is it a 
license or a contract? 

While the software community is cer- 
tainly convinced that the GPL is a license, 
Grimmelmann postulated this issue as an 
angle of attack against the GPL, and the 
only one that he currently sees as a threat. 

"A contract is: You and I meet and 
we make a promise to do something. 
There are agreements going in both 
directions. A license is: I have my copy- 
righted piece of code and I give you 
permission to use it in various ways, but 
the permission is revoked if you violate 
these conditions. This matters in the 
formal legal analysis, because if it's... a 
contract, your promise to publish 
source and respect freedoms are just 
that: promises. If you break the con- 
tract, you pay me some money. Your 
promise wasn't conferring economic 
value to me," said Grimmelmann. 

Without conferring economic value, 



the courts have no monetary basis to 
form their opinions, he added. While 
license law is a big hammer of enforce- 
ment, he said, contract law is a some- 
what smaller hammer. Grimmelmann 
pointed out that contract law could be 
just as binding and enforceable, howev- 
er, given a motivated court. 

Further muddling the issue is the 
SFLC's midsuit change in tactics. Initial- 
ly, the SFLC issued a statement declar- 
ing that the only punishment it sought 
against Monsoon Multimedia was com- 
pliance. Five days later, when Monsoon 
Multimedia agreed to comply, the SFLC 
changed its tack and stated that compli- 
ance was not enough. 

Grimmelmann suspects this is a 
change of heart by plaintiffs Andersen 
and Landley "It's a classic problem in the 
law world. . .the people who have a strong 
public interest mission have to make 
their arguments in the context of partic- 
ular cases," said Grimmelmann. "If a par- 
ticular client really wants to push a case 
hard, the attorneys can't say no." 

Theresa Bui Friday, co-founder and 
vice president of marketing at IP pro- 
tection software company Palamida, 
said that her customers aren't as con- 
cerned about the validity of GPLv2 as 
they are with the new provisions in 
GPLv3. Friday said that her customers 
are not asking "specifically about Mon- 
soon. But certainly, since GPLv3 
launched, we had a lot of questions 
around GPLv3 and GPLv2, in general. 
They are primarily from our customers 
who are from the embedded world; 
companies who ship embedded Linux 
for a living." She added that the most 
commonly asked questions revolve 
around the new digital rights manage- 
ment provisions in GPLv3, and around 
compatibility between GPLv2 and 
GPLv3. I 



Ada Finds New 
Life in .NET 

BY DAVID WORTHINGTON 

Visual Basic and C# on .NET? Of 
course. But older languages are also 
available for Microsoft's managed run- 
time, like Fortran and COBOL. Add 
Ada to that list: In mid-September, Ada- 
Core rolled out GNAT Pro for .NET, the 
first commercial implementation of Ada 
2005 for .NET. 

The new release includes an Ada 
2005-compliant compiler that produces 
Microsoft Intermediary Language 
(MSIL), and also provides a tool set with 
supplemental bindings and libraries. 



AdaCore senior software architect 
Benjamin Brosgol explained that GNAT 
Pro makes full use of the .NET APIs and 
facilities. The APIs can be called from 
Ada through GNAT's binding tool, 
enabling the reuse of components. Like- 
wise, developers can use Visual Studio to 
edit Ada code. 

Microsoft provided some technical 
assistance to AdaCore, Brosgol noted. 

He described the port as an interest- 
ing migration path for the technology 
and discussed several scenarios that 
it enables. Brosgol explained that devel- 
opers could use GNAT to run an 
Ada application on .NET without any 
code modification whatsoever, or create 
multilanguage applications, as well as 
use Ada for its inherent scientific capa- 
bilities. I 
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Is RAD a Concept in Decline? 



< continued from page 1 

tional RAD is still very much 
alive. 

Enderle claimed that RAD 
is quietly dropping out of soft- 
ware ecosystems because peo- 
ple feel it isn't needed anymore. 
The drawbacks, such as 
reduced scalability, seem to 
exceed the benefits, he said. 

When RAD was first intro- 
duced, it was positioned as an 
alternative to classic "waterfall" 
methodologies. Before RAD, 
noted Enderle, requirements 
would change faster than soft- 
ware could be developed. But 
since then, he claimed, ordinary 
development tools are fast 
enough that deadlines are met 
without requiring specialized 
RAD tool sets. Advanced lan- 
guages such as C and C++ have 
become much more powerful, 
and tools are now created with 
more focus on having a product 
move quickly through the life 
cycle. 

IS AGILE THE NEW RAD? 

Michael Swindell, vice presi- 
dent of products for Code- 
Gear, believes that the RAD 
market has changed, with tra- 
ditional RAD processes evolv- 
ing into agile ones. Agile 
processes, he said, use RAD 
techniques that include rapid 
iteration and rapid proto- 
typing, but agile is a much 
broader process with its focus 
on team interaction and time 
boxing. 

Swindell cited differences 
between the traditional pro- 
cesses of RAD and RAD tools 
on the one hand, and frame- 



works such as Code Gear's Del- 
phi and RAD Studio and 
Microsoft's ASRNET that have 
evolved to support the need for 
agile development on the other. 
Today's frameworks are extensi- 
ble and open, he noted, with 
the ability to see source code 
and direct access to operating 
systems and hardware. 

Meanwhile, Sue Dunnell, 
product manager for Sybase's 
PowerBuilder RAD software, 
has a very different take on 
RAD — that it is still very much a 
legitimate development method. 
Dunnell pointed to Eclipse and 
SOA as modern examples of 
RAD in action. 



"RAD as a concept is used 
constantly," she said. "It's used 
in virtually every new product 
and utility that's out there, and 
developers expect everything to 
be drag-and-drop, easy-to- 
code, and all that." 

But Enderle and Swindell 
seemed to agree that the con- 
cept of RAD is essentially obso- 
lete. "The RAD concept was a 
point solution to a problem that 
existed with older tools that sim- 
ply took too long to go through 
the full cycle, but the shortcom- 
ing doesn't really exist any- 
more," Enderle said. "Speed is 
now a core function of any 
development effort, and it 



appears most folks can address 
the timeliness of a product with- 
out dropping into a RAD tool to 
accelerate delivery." 

Swindell concurred: "We've 
seen the strict RAD process 
decline over the years to be 
replaced by agile development 
and agile processes. As compa- 
nies are moving towards agile 
processes, the idea of rapid 
development hasn't gone away; 
it's just that a closed-box type 
of RAD environment like the 
old PowerBuilder where they 
would black-box runtimes with 
fixed functionality built into 
them — that idea has gone 
away." 



Dunnell bristled at the 
notion, arguing that RAD tools 
were "built to evolve. With 
PowerBuilder, we simplify 
development. With AJAX, for 
example. . . [users] click a check 
box to use AJAX, and under 
the covers, we do all the hard 
work." 

But Enderle sees RAD- 
centric tools such as Power- 
Builder as antiques, noting 
that RAD is no longer a prima- 
ry way to address a fundamen- 
tal development problem, and 
merely a point solution that 
can be used while developing 
with a mainframe or legacy 
platform. Yet RAD as a con- 
cept still hangs on, Enderle 
said, because "it takes a long 
while for a technique like this 
to purge itself." I 



THE BEST THING SINCE 8-TRACK? 





Ford Motor Co. is rolling out its new Sync 
voice-controlled communications and enter- 
tainment system in a dozen 2008 models 
under the Ford, Lincoln and Mercury mar- 
ques. Sync is based on the Microsoft Auto 
platform, which uses Windows CE as a foun- 
dation. The system offers Bluetooth connec- 
tivity and control for mobile phones, and a 
USB connection with even greater control for media players such as Apple's iPod and Microsoft's Zune, other media devices con- 
forming to Microsoft's PlaysForSure specification, and even simple USB flash drives. Ford claims the voice-activated device control, 
which supports English, French and Spanish, requires no training by the user. 






Platform-as-a-Service Built by Force 



< continued from page 1 

and former managing director 
of the CRM practice at 
research firm Aberdeen 
Group, said the Force.com 
platform-as-a-service is a nat- 
ural progression from soft- 
ware-as-a-service. 

"With the introduction of 
Force.com and some of the 
other tools we've seen recent- 
ly, virtually any application you 
can think of can be built using 
on-demand development and 
deployment technology. There 
are a lot of applications that 
haven't been [formally] built 
in an organization, or are 



[built on] spreadsheets or PC 
tools. Those tend to be sepa- 
rate from the IT superstruc- 
ture. Those applications also 
tend to be maintained at the 
department level, and if some- 
one leaves or gets hit by a bus, 
you may not have the where- 
withal to maintain that," said 
Pombriant. 

These applications, he 
added, are perfect candidates 
for moving over to the new 
Force.com platform. There- 
fore, said Pombriant, Sales- 
force's new platform isn't just 
for developers starting from 
scratch on new applications. 




'[Sales force has] some very, 
very large customers, and those 
are the people propelling them 
to build these new tools and 
services.' 

—Denis Pombriant founder, 
Beagle Research 



Pombriant expects the most 
likely customers for Sales- 
force's new platform to be 
those that have little time and 
money to spend on critical 
application development. 
When it comes to integrations, 
he said, these same customers 



are much more likely to need 
tailored solutions. 

"I think there is not one 
clear path, but there are prob- 
ably two or three. These paths 
are very well paved," said 
Pombriant. Those paths flow 
through the Salesforce API, 



through third-party solutions 
from companies like Informat- 
ica or integrations consultant 
firm Bluewolf. 

When asked if the market 
was ready for a platform-as-a- 
service, Pombriant said, "Eco- 
nomics are always going to 
drive this market. There's a 
strong demand for it that is 
more financially and economi- 
cally responsible to the organi- 
zation. I think we're probably 
at a good time for them to 
begin rolling out this tech. 
They have some very, very 
large customers, and those are 
the people propelling them to 
build these new tools and ser- 
vices. It's a question of time 
before the smaller ends of the 
market embrace it." I 
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Software Embedded Deeply at ESC 



BY DAVID WORTHINGTON 

BOSTON — Unlike previous years, soft- 
ware was not on the back burner at this 
year's Embedded Systems Conference 
(ESC), held here in mid-September 
under the umbrella of TechMash 2007. 

On opening day, AdaCore an- 
nounced a new addition to its high- 
integrity family GNAT Pro High- 
Integrity for Servers is designed to 
enable mission- and safety-critical appli- 
cations to run on native platforms. Some 
of its features include a configurable Ada 
runtime library, integration testing facili- 
ties and multilanguage compile system. 

The company also released the new 
GNAT Stack, which examines source 
code and performs data and control flow 
analysis, determining the maximum 
stack size for a specific task. It is partic- 
ularly useful with the High-Integrity 
product line, said AdaCore senior soft- 
ware architect Benjamin Brosgol. 

Common sense dictates that there is 
no room for failure in safety-critical sys- 
tems. With that in mind, GrammaTech 
found its niche producing automated 
defect-tracking software to help devel- 
opers eliminate bugs early in the devel- 
opment cycle. 

GrammaTech has paired its static 
analysis engine with a Web-based defect 
management system and database. The 
solution, dubbed CodeSonar Enter- 
prise, is designed for large development 
teams and permits managers and test 



teams to collaborate on C/C++ code 
analysis results across the organization. 

Code Sonar's groupware features can 
be used to assign bugs, annotate warnings 
with state information, and store histori- 
cal information to maintain an audit trail 
that enables trend reports and detailed 
sorting. Paul Anderson, vice president of 
engineering, noted that new rules for 
safety-critical development would be 
folded into upcoming point releases. 

Additionally, the CodeSonar static 
analysis engine has been fine-tuned for 
accuracy and has shorter examination 
times. CodeSonar Enterprise will be 
available in Q4. 

Hitachi's Embedded Business 
Group showed off version 2.2 of its 
Entier embedded relational database 
management system. The new version 
has built-in control of concurrent trans- 
actions for multitasking operating sys- 
tems, new update capabilities, and can 
simultaneously access multiple databas- 
es using its high-performance Data 
Manipulation Language. 

Entier's core search technologies 
were augmented to increase the perfor- 
mance of short text strings for complex 
word searches. Hitachi added the ability 
to search through geo-spatial data and 
perform conceptual searches, as well as 
alias searches, complex test searches and 
incremental text searches. 

Collin Bruce, director of marketing 
for Hitachi Entier, said that this set of 



features will allow end users to "search 
the way that they think." 

Lattix announced the release of its 
namesake architecture management 
software, incorporating new modules for 
Ada and C/C++ into Lattix 3.5 that inte- 
grate with Scientific Toolworks' Under- 
stand reverse engineering IDE and tool. 
Lattix 3.5 remains based on the Depen- 
dency Structure Matrix, an approach 
that records dependencies and uses 
them as the foundation for a blueprint 
that incorporates applications, databases 
and systems. 

Parasoft is thinking C/C+ + . New 
automated testing capabilities in Parasoft 
C++test expose runtime errors without 
actually executing an application. C++test 
has static analysis capabilities that simu- 
late application execution paths and 
determine whether the paths could cause 
errors. 

IBM's looming acquisition of Telelog- 
ic has not slowed the latter's momentum, 
as Telelogic has continued to customize its 
Rhapsody modeling environment for ver- 
tical markets. Telelogic demonstrated its 
latest vertical SKU, Rhapsody for Auto- 
motive, to selected viewers at ESC. This is 
the company's second vertical, following 
Rhapsody for Telecom. 

Rhapsody for Automotive comple- 
ments existing solutions by integrating 
behaviors and computational algorithms 
from existing IP. I 

P.J. Connolly contributed to this story. 



Solidware Wants 
To Raise 'Code 
Intelligence' 

BY DAVID WORTHINGTON 

BOSTON — Where would marketing 
executives and operations managers be 
without business intelligence? Quite 
possibly, where software programming 
managers are today — without quantita- 
tive, at-a-glance project information. 

But Solidware Technologies believes it 
has a solution that will allow managers and 
teams to truly "know their code." 

At the Embedded Systems Confer- 
ence here in September, Solidware 
released SWaudit 2.0, an update to its 
software auditing platform for Java that 
correlates data from coverage tools and 
static analysis tools, and uses key metrics 
to look for failure modes, or interactions 
of failure modes. 

"We layer intelligence over tools," 
explained Solidware CEO Sue Kunz. 
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Solidware SWaudit has an absolute dashboard that rates the quality risk of source code builds. 



"The concept is not to just throw people 
at the problem, [but instead to] use CPU 
cycles." According to Kunz, "there is a 
lot of heavy analysis people will not do." 
Kunz defined code intelligence as key 
to understanding software readiness: 
whether code is of unknown quality or in 
development. Version 2.0 of SWaudit 
introduces dependency mapping, archi- 



tectural integrity analysis and other ana- 
lytics, including configurable static analy- 
sis and risk-to-test coverage correlation. 
Results are displayed as high-level 
dashboards and summaries that identify 
failure-prone code. However, more 
detailed information that is geared 
toward developers and white-box testers 
is also generated. I 



MICROSOFT TO 
REFRESH EMBEDDED 
OFFERINGS 

BY DAVID WORTHINGTON 

BOSTON — Microsoft showcased 
its continued investment in the 
embedded space with the announce- 
ment that both the .NET Micro 
Framework and Windows CE 6 will 
be refreshed with new components, 
features and fixes. 

Microsoft is adding a lockdown 
feature to the .NET Micro Frame- 
work, and a service pack will include 
facilities for signed firmware updates 
and will provide the ability to disable 
Visual Studio debugging. 

The framework update will also 
add a font-building capability, along 
with various bug fixes and emulator 
improvements, said senior product 
manager Jonathan Kagle. Microsoft 
will also be implementing the Devices 
Profile for Web Services. The service 
pack is presently in beta and is com- 
patible with Visual Studio 2005. 

Windows CE 6.0 R2 is slated for 
release in November. Its kernel will 
be unchanged, but Microsoft is 
adding new components that target 
the home and industrial automation 
markets. I 

LABVIEW 8.5 ZEROS 
IN ON MULTICORE 

BY DAVID WORTHINGTON 

BOSTON —National Instruments is 
no stranger to multicore processors, 
but some developers are. With that 
in mind, the company developed 
version 8.5 of the Lab View graphical 
design platform with new automatic 
multithreading capabilities. 

Lab View 8.5 automatically creates 
the optimal number of threads based 
on the total number of cores available 
and supports symmetric multiprocess- 
ing, the ability to assign particular 
tasks to a specific processor core, said 
Jeff Meisel, Lab View Real-Time prod- 
uct marketing manager, at the 
Embedded Systems Conference here. 

It also includes thread-safe dri- 
vers and libraries to improve applica- 
tion throughput, and developers may 
use Lab View's parallel dataflow lan- 
guage to map applications to multi- 
core and FPGA architectures. 

In addition, the release targets the 
embedded and industrial applications 
space with a new stateflow design 
module that can be used to model 
and implement system behavior and 
new I/O libraries. I 
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Green Hills Rolls Into ESC 

A new RTOS, wireless middleware, visualization are on the agenda 



BY DAVID WORTHINGTON 

BOSTON — Green Hills Soft- 
ware came rolling into the 
Embedded Systems Confer- 
ence (ESC) here last month 
with more on its agenda than 
a tea party. Like a cup 
of chamomile, Green Hills 
soothed its customers' nerves 
when it announced the avail- 
ability of a ThreadX-compati- 
ble real-time operating system, 
and revealed new middleware 
and an extended virtualization 
offering. 

Green Hills was a reseller 
of Express Logic's ThreadX 
RTOS for nearly a decade, 
until Express Logic terminat- 
ed the reseller agreement in 
early 2006. That June, Express 
Logic sought arbitration, alleg- 
ing that Green Hills illegally 
copied the ThreadX API in the 
Green Hills j^-velOSity micro- 
kernel. An arbitration panel 
denied all of Express Logic's 
claims in August of this year. 

Green Hills' customers now 
have two options: They may con- 



tinue to use ^-velOSity, or use 
the new ThreadX-compatible 
RTOS. The replacement does 
not require any modification of 
production code, said Dan 
Mender, Green Hills' director of 
business development. 

When not selling peace of 
mind, Green Hills was pitching 
security at ESC in both wireless 
and virtual flavors. The compa- 
ny released extensions to its 
Secure Wireless Devices Plat- 
form. The platform now 



includes extended Wi-Fi secu- 
rity, Cisco Compatible Exten- 
sions, Wi-Fi Protected Setup 
and reference drivers for lead- 
ing Wi-Fi chipsets, and targets 
vertical industries. According to 
Mender, Integrity is certified 
as secure by the U.S. Federal 
Aviation Administration and the 
Food and Drug Administration, 
as well as the National Security 
Agency. 

The Integrity operating sys- 
tem now supports Intel's vPro 



processor technology, which 
pairs dual-core 64-bit proces- 
sors with a networking chipset 
for networks using 802. lx or 
Cisco's Network Admission 
Control, offering integrated 
hardware-based security, re- 
mote management features 
for PCs and virtualization 
capabilities. 

Integrity PC works with Intel 
vPro to perform a secure boot in 
which BIOS, hardware and the 
Integrity kernel are measured to 



provide what the company calls 
a trustworthy execution environ- 
ment. Integrity can run as the 
host operating system, with 
secure Linux or Windows parti- 
tions, without fear of cascading 
events, Mender explained. 

Integrity can also add native 
applications in parallel with 
Linux and Windows off-the- 
shelf applications to the user 
mode, on top of Integrity. 

"Point-of-sale transactions 
can happen through Integrity 
[instead of] Windows or Linux. 
That eliminates the possibility 
of corruption at the device lev- 
el," said Mender. "People aren't 
addressing security in virtual- 
ization." I 



Virtualization Becoming a Factory Option 



BY P.J. CONNOLLY 

Virtualization is quickly moving 
from being an add-on to 
becoming as integral to a com- 
puting platform as firmware. 
Operating systems preinstalled 
at the factory are nothing new, 
but XenSource has taken a new 
step in providing what it calls 
the first embedded virtualiza- 
tion platform for OEMs. 

"Our products should be 



simple and powerful enough to 
be embedded in every server as 
an extension of the hardware 
platform," noted XenSource's 
Frank Artale, vice president of 
business development. 

XenExpress OEM Edition, 
which was announced in early 
September, allows the inclusion 
of a full virtualization platform 
at the server component level. 
It can be delivered in system 



flash or on the hard disk, and 
works with both Microsoft's and 
VMware's virtual machine for- 
mats, and takes advantage of 
hardware-based virtualization 
features in new processors from 
AMD and Intel. Servers can 
boot with multiple BIOS parti- 
tions and be ready out of the 
crate for virtual machine instal- 
lation. 

XenExpress OEM is expect- 



ed to enable the delivery and 
use of value-adding extensions, 
allowing vendors to ship systems 
with embedded secure parti- 
tions for management, recovery 
and security. Customers pur- 
chasing machines with XenEx- 
press OEM Edition will be able 
to upgrade to the company's 
XenEnterprise, although specif- 
ic details such as pricing were 
not available. I 
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Sharing, the Future of Technology. 



ResultSpace is where in-the-know businesses go. 



For the first time, ResultSpace, 
the secret behind Sapient's 
industry-leading track record 
in global application delivery, 
is available to IT services 
providers and in-house 
software development teams. 

ResultSpace is an Agile application 
lifecycle management solution 
built on open standards and 
incorporating a rich heritage of 
on-time and on-budget delivery 
for Global 2000 companies. 



No matter where in the world 
you do business, ResultSpace's 
planning, tracking and collaboration 
capabilities provide increased 
visibility, transparency and 
control over complex projects. 

Enabling you to realize additional 
value from your Agile investments, 
ResultSpace aligns executive 
vision with team output, delivering 
superior business results. 

We'd love to show you the benefits 
of ResultSpace via a free demo. 



Visit us at www.resultspace.com or e-mail info@resultspace.com. 
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Extending new processes beyond a single project team presents unique challenges 



BY DAVID RUBINSTEIN 



Many organizations have begun to reap the 
benefits of agile development on their 
internal projects — shorter time-to-market, 
better quality software, more team produc- 
tivity Now, they want to know how to get those same 
advantages when doing agile development throughout 
a distributed team. 

The answer? Get a Subversion code management 
system, a Webcam for whiteboard meetings and a 
speakerphone. 

Of course, achieving agile success with a distributed 
team is quite a bit more complicated than that. But 
three principles — the ability to share plans, access the 
code from a single repository, and communicate effec- 
tively — form the cornerstones of spreading agile 
processes over disparate locations. Then, experts agree, 
the members of the team must be highly competent 
and working in an environment that fosters trust, pro- 
vides a feedback structure, and gives visibility across 
business and development efforts. 

One of the messages of agile is that it improves qual- 
ity. Andrew Glover, president of the consulting firm 
Stelligent, said that's the wrong message. "People don't 
want to pay for quality. You say quality, people think 
QA, and QA has no money. Switch out 'quality' with 
'delivery speed,' and people start buying it," he said. 

The core principles remain the same regardless of 
the specific agile process in use; although at the recent 
Agile 2007 conference, a number of consultants and 
developers mentioned that distributed agile develop- 
ment is most effective when Scrum is used in tandem 
with Extreme Programming, or XP Scrum provides the 
overarching management structure, while XP is in place 
at the developer level where the coding is actually done. 

Before any code can be written, though, it's impor- 
tant to get everyone on the same page. Several experts 
suggested bringing the teams, or at least representatives 
of each team, together before the project begins in a sort 
of common architecture design meeting. "It's important 



for teams to get familiar with each other before they are 
dispersed," said Paul Hodgetts, CEO of agile consultant 
practice AgileLogic. "It's costly, but the benefit offsets 
the cost and helps the project not drift off." 

Scott Ambler, a noted author and agile development 
practice leader at IBM, agreed, saying, "You have to be 
willing to fly people around. Penny-wise and pound- 
foolish leads to disaster." It's important to build bonds at 
the beginning of the work, and then use "ambassadors" 
to travel back and forth to overcome communication 
challenges and, in the case of teams located abroad, 
knock down cultural barriers as well, he said. 

GETTING TOGETHER 

The creation of a collaborative work environment, and 
having people skilled in project management, are 
important first steps in taking agile into wide use. "If 
you're not good at managing a single location, you've 
got no shot at a distributed agile project," Ambler said. 
He also suggested there is a bias among American 
developers, who he said believe they can do a better 
job than overseas developers. But you might have a 
CM MI Level 3 U.S. team managing a Level 5 team 
from India, "and that's backwards," he explained. 

However, Peter Harrison, CEO of outsourcing 
company GlobalLogic, said American developers actu- 
ally do have more experience than teams abroad, and 
that no bias exists. "The average outsourcer today has 
two to three years' experience, while in the U.S., the 
average [outsourcing] experience is eight to 10 years. 
You can't have peer-to-peer relationships as effectively. 
You need true peers on each end." 

Doug Mow, senior vice president of Exigen Ser- 
vices, an outsourcing company, said, "You need an elite 
organization committed to its reputation." Team mem- 
bers, he said, need to be teachable and willing to learn. 

But communication, Mow said and several experts 
agreed, is the main hurdle to overcome. Some use con- 
ference calls. Some use Skype or set up wikis. But Har- 



rison advised, "Get rid of e-mail. It's a disaster." Often, 
people who need to know about an aspect of a project 
are not copied on the e-mail, or a thread gets broken 
and the context of the message is lost, he explained. 

Some organizations find that as they try to ramp up 
their agile efforts, the original agile team loses produc- 
tivity when the team leader is moved to another team 
to get it going. "Training is essential, and having a good 
mentor on every project is crucial," Harrison posited. 

Serena vice president of ALM products John Scum- 
niotales said, "Until agile behaviors get institutional- 
ized, you'll see productivity wane when a Scrum mas- 
ter moves from the first project" to another. 

WHAT DO THEY WANT? 

More traditional waterfall methods involve soliciting 
input from the business side, writing high-level 
requirements and themes, and performing technical 
analyses for implementing features — before any code 
gets written. In contrast, agile processes advocate less 
up-front planning, emphasizing flexibility in reacting to 
changes. But any development project starts with a set 
of requirements, no matter how simple. 

"Most agile teams haven't used classical require- 
ments modeling and a big specifications document," 
said Tom King, executive vice president at require- 
ments modeling company Ravenflow Instead, "they 
sketch models on whiteboards and do lightweight use 
cases." However, King noted that a developer in Ban- 
galore might make incorrect assumptions when filling 
in gaps in lightweight requirements. 

It's important, then, to be able to share whiteboard 
sketches electronically — a virtual standup meeting, if you 
will — so business analysts and other stakeholders can 
review the requirements diagrams. In fact, a recent sur- 
vey completed by Ambler showed that lightweight use 
cases and informal stories rated high among agile devel- 
opers, while formal specification documents scored low. 

continued on page 42 ► 
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Extending Agile Practices to Distributed 



< continued from page 41 

"When projects took six or 
eight months to complete, 
needing a month for require- 
ments was OK," King said. But 
with todays eight-week com- 
pletion times, four-week 
requirements phases are "out of 
proportion." 

Another approach is to do 
visual prototyping, according to 
Mike Evans, director of the 
customer enablement team at 
Skyway Software. "It's actually 
visual requirements gathering. 



A solution architect sits in with 
the team during requirements 
gathering and builds out the 
framework for the application. 
In two to three days, he can cre- 
ate a running prototype of the 
application to prove the 
requirements." Then, instead of 
a prototype of requirements, 
you have a prototype of the 
actual application, which can 
then be taken into develop- 
ment. "It's a predictive model 
for building the application 
based on a prototype that maps 



back to the requirements. It 
gives a truer picture of the time 
and cost before you even start 
development." 

Compounding the problem 
of communicating require- 
ments is the difficulty in writing 
tests that prove the requirement 
has been met. "Often, there's 
miscommunication about the 
intent of the feature, or how to 
test it," said Kingston Duffie, 
founder and CTO at device test- 
ing software company The Fan- 
fare Group, which runs agile 



FORMULA FOR SUCCESS 



There are some critical steps to take to succeed in applying agile practices to distributed develop- 
ment teams. According to Peter Harrison, CEO of outsourcing company GlobalLogic, they are: 

• Have familiarity ahead of time. Teams must have working knowledge of one another, for confidence 
and trust. Harrison calls this a "human-driven engineering form." 

• Put together a senior team. The more experience you can gather, the easier overcoming hurdles can be. 

• Make sure time overlaps. Teams should work together a minimum of two hours per day, or any 
agility you have will atrophy away. "No overlap is a recipe for disaster," he says. 

• Never leave your in-basket full at the end of the day. If you set up a round-robin-type arrangement 
of handoffs, you can extend your day and shorten your cycle. 

• Leverage technology to the fullest. Wikis and workflow-type products for managing time, 
reguirements, tests and tasks "have made life so much easier," Harrison says. 



development teams in New 
Zealand, Russia, Vietnam and 
other locations overseas. "QA is 
the low-hanging fruit. They're 
under the greatest stress, and 
business people don't know how 
to communicate on their level. 
Also, they usually have the 
shortest time to do their work." 
So creating a transparent docu- 
ment that defines what a test is 
and how to define success, 
instead of simply offering up 
more code, enhances communi- 
cation, he said. 

IS IT BUILT YET? 

Agile processes call for frequent 
builds. But organizations must 
decide if that means every half- 
hour or four times a day. Further, 
some experts say a single, central- 
ized repository that offers high 
visibility is essential to effective 
distributed agile development. 
But how does it all tie together? 
Resource management is the 
answer, because even when the 
code is centralized, there still 
will be people trying to run their 
own things. "You want to pro- 
vide multiple lanes' of builds to 
get them going simultaneously," 



said Martin Van Ryswyk, vice 
president of engineering at build 
management software provider 
Electric Cloud. "Now there is no 
'overnight' with a five- or six- 
hour build and then spending 
the morning solving problems of 
the night before. You've got to 
be able to do things fast, or you 
don't get the benefit of few 
check-ins with each build. If you 
can [build] more often, it breaks 
big problems into small ones 
that are all in one place." 

Equal to the central reposi- 
tory is the need to get an accu- 
rate record of the builds. 
"Everyone needs to have access 
to the data so things can be 
kicked off [to developers] to see 
what happened," Van Ryswyk 
said. This also enables teams to 
take advantage of the round- 
the-clock development oppor- 
tunity that distributed teams 
can provide. "Folks in India can 
see how [code] was checked in 
and perhaps fix it. They don't 
have to wait for a California 
development team to come in 
the next morning to fix it." A 
centralized build farm, he 
pointed out, means an organi- 
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Teams Presents Unique Challenges 



zation doesn't have to support 
redundant hardware resources 
to do continuous integration. 

Continuous integration also 
provides measurement and 
accountability, according to 
Stelligent s Glover. "Continuous 
integration and build automa- 
tion with reporting gives 
tremendous visibility." That vis- 
ibility he noted, raises the level 
of accountability, as all can see 
where a problem was intro- 
duced into the code. "Is humil- 
iation a good thing? Not neces- 
sarily, but it motivates 
developers to not break the 
build again," he said. 

Two open source projects — 
the automated Cruise Control 
build framework and the Hud- 
son continuous integration 
engine — are getting more 
sophisticated, Glover said. 
"These poll the SCM system 
and wait for change. If they 
notice a change, they run a 
build," he explained. 

The automation framework, 
Van Ryswyk said, is critical to tie 
in scheduling and integrations. 
"You want to coordinate local 
builds but with an official pro- 
cedure and hardware," he said. 
"You want results, when it's 
done, to end up in the central 
location." 

OTHER CONSIDERATIONS 

Despite having communication 
and collaboration tools in place, 
Roger Nessier, vice president of 
product services at the consul- 
tant firm Symphony Services, 
suggested that if one has 10 
development teams, but two 
are in a different location than 
the other eight, the remote 
teams should work on different 
aspects of the project to main- 
tain the integrity of the core 
group's work. "You need clear 
delineation, so the two teams 
don't break code being worked 
on by the other eight," he said. 

IBM's Ambler agreed. 
"Teams need to do their own 
things and then negotiate the 
interfaces later." 

Serena's Scumniotales even 
said agile might not be good for 
all projects. "In reality, most 
environments are heteroge- 
neous from a process stand- 
point. If you have a project 
that's mature, and perhaps 
you're only doing maintenance, 
what's the ROI of moving that 
project to agile? That's the real- 
ity businesses are dealing with." 

So, if you need more com- 



munication with overseas teams 
than collocated ones, either via 
flying in or teleconferencing, 
and you have to have more 
whiteboard planning meetings, 
and you have to keep teams 
working on different projects, 



aren't you losing the "agile" in 
the process you hoped to gain? 
No, according to Dave 
McMunn of business consulting 
firm Command Information. 
Agile evangelists have to soften 
up the message. Many indepen- 



dent coaches and consultants 
"say that to be XP you must do 
this and this, and if you're not, 
you're not being true to agile." 
Instead of calling it agile devel- 
opment, the term should be 
changed to "best practices 



development," he said. "But 
I'm not sure we're ready to do 
that... as a community. There's 
not enough momentum and 
coalescence of thought to make 
that transition." 
Yet. I 
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FROM THE EDITORS 

Beyond RAD 

Its been quite a while since software companies aggressively pursued 
the concept of rapid application development, or RAD, as a means of 
getting simple programs out the door quickly using integrated develop- 
ment environments with lots of wizards and point-and-click code gener- 
ators. Inherent in the RAD concept was that there would be a counter- 
point: More serious line-of-business applications would be built with 
non-RAD toolchains, presumably assembled from discrete "professional 
grade" tools, such as editors, compilers, debuggers and modelers. 

What has happened is that the RAD and non-RAD worlds have merged, 
thanks to the steady improvement of IDEs. Where, once, a developer hop- 
ing to construct a desktop database-backed application had to hand-code all 
of the SQL statements, network code and desktop interfaces, these days 
there are countless ways to build the same application either on top of exist- 
ing code, or simply by pointing and clicking in the right software. 

The demise of RAD, as a characterization of a set of development 
tools and of a development philosophy, is a sign of just how far we've 
come. The vast majority of developers, even those working on large pro- 
jects, can accomplish a tremendous amount with Visual Studio, Eclipse, 
NetBeans or JBuilder — even if they don't choose a major full-service 
application life-cycle management suite. 

When was the last time your developers actually wrote out all the head- 
ers and includes needed in a fresh project? It's more than likely they used a 
RAD-like feature in their IDE, which asked them to point and click on 
needed libraries. And why not? The biggest hurdle on most projects is sim- 
ply getting started, so it's for the betterment of our organizations that the 
leading IDEs tend to come with templates and building blocks that can tai- 
lor a new file to our needs at the drop of a mouse button. 

In the same way that car makers no longer brag about their automat- 
ic choke or antilock brakes, software companies rarely brag about their 
IDE's RAD capabilities anymore. Every IDE that's worth a darn now 
includes RAD functionality. But now we just call them "features," bare- 
ly worth a second glance. 

No Back Doors 

A lot of software, both enterprise and commercial, have back doors, 
which allow developers — or other, unscrupulous people — to bypass 
security systems and have access to the application, its data or the net- 
work on which the software is running. 

Sometimes those back doors are unintentional. Perhaps they were 
coding or testing aids to allow developers to take shortcuts during the 
design, programming or QA process, or to simulate the running of the 
application in a test bed environment that might have the same charac- 
teristics as the deployment platforms. These back doors were meant to 
be disabled or removed prior to delivery. . .but sometimes they're left in, 
either accidentally or on purpose. 

Too often, these back doors are exploited by the developers, or by oth- 
er people who discover them by examining source code or using sniffers. 
Those exploits are used for theft, blackmail or worse. 

SD Times condemns, in the strongest possible terms, the practice of 
embedding or leaving hidden back doors in delivered applications. That's 
true whether the applications are commercial off-the-shelf packages, 
enterprise apps written by salaried on-staff developers, or work done by 
outsourcing companies or consultants. 

If you are writing software for someone else, you should make certain 
that there are no back doors left in your delivered applications. That may 
mean scanning software, especially around data access, remote access 
and security routines. 

If you are commissioning software to be written by consultants or others, 
ask them to guarantee — in writing — that no back doors are being left in 
their work. Ensure that they take full liability if that pledge is proven false. 

This is a big issue. Software back doors should not be taken lightly. I 
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IT DID NOT TAKE LONG for some 
intrepid programmer to unlock the 
Apple iPhone. The tinkering broke 
AT&T's hold and made it possible to use 
the phone on another carriers network, 
albeit with limited functionality. Cue the 
inevitable response from Apple: soft- 
ware updates that 
undo the hacking 
under the guise of a 
critical security 

update. But Apple 
went a step further 
this time: "WARN- 
ING: Apple has dis- 
covered that some 
of the unauthorized 
unlocking programs available on the 
Internet may cause irreparable damage to 
the iPhone's software," a message reads 
during installation. "If you have modified 
your iPhone s software, applying this soft- 
ware update may result in your iPhone 
becoming permanently inoperable." 
Apple s desire to exercise control over its 
product is understandable, but whatever 
happened to the freedom to tinker? And 
more important, why would Apple want 
to leave its customers with a shiny paper- 
weight? At press time, word is that Apple s 
plot has backfired: The update is also 
turning customers' iPhones that were not 
unlocked into iB ricks. 

-David Worthington 

SORTABETA. It sounds like a delicious 
frozen dessert, doesn't it? But it's a word 
I made up the other day, when explain- 
ing to one of my colleagues how 
Microsoft's Community Technology Pre- 
views fit into the classic alpha-beta- 
release candidate hierarchy. This isn't the 
funniest thing I've ever said; it's been at 
least a decade since I started calling 
myself an unpaid gamma tester, for 
example. But people thought that one 
meant I specialized in displays and mon- 
itors, so I don't use it in technical compa- 
ny. But "sortabeta" is catchy; I might just 
have to trademark it. It nicely describes 
software in the CTP state, code that's not 
really ready for prime time, but good 
enough to take a kick to the tires. 

-F.J. Connolly 

IF YOUR COMPANY HAS a customer 
service call center among its branches, 
chances are that it's one of the most cost- 
ly, frustrating and difficult portions of the 
business. Thanks to IP Telephony, all 
manner of software can now be built (on 
Cisco, Asterix or otherwise) to control 
and manage incoming phone calls, and to 
keep those operators more informed. As 
a pilot project, I'd recommend finding 
any way possible to keep user-input data 
alive throughout the call. Nothing is more 
irritating when calling for help then hav- 
ing to dial in your account number, only 
to then be asked for this information two 
or three more times by operators. Whip- 



ping up some metadata controls that can 
be associated with live calls in the hold 
queue shouldn't take too long, provided 
the underlying infrastructure of your 
company's phone network has been 
refreshed in the past two years. It's not 
just a good idea — it'll save everyone time 
and frustration, particularly your callers. 
-Alex Handy 

BEFORE YOU SHELL OUT money for 
a requirements tool, ask yourself whether 
you really need one. That's the advice 
Forrester Research offered in a Sept. 28 
report, "Selecting the Right Require- 
ments Management Tool — Or Maybe 
None Whatsoever." Tools are good at 
tracking things such as which require- 
ments have been tested. But they can't 
improve the quality of the requirements 
themselves. Nor can they ease the 
process of changing requirements during 
the development process. "Using 
requirements management tools to 
address pains around requirements 
change is like using accounting software 
to curb runaway expenditures," the 
report said. 

-Jennifer dejong 

I AM CURRENTLY TAKING some 
graduate courses at Hofstra University 
here on Long Island, N.Y., in pursuit of a 
master's degree in journalism, and one of 
the main classes that I am enrolled in this 
semester is called "Journalism on the 
Web." As an assistant editor on SD 
Times, I already have a leg up in the 
class. The professor talks about the cre- 
ation of mashups, and I already know 
what they are and how to build one. 
We're being schooled on the use of RSS 
feeds, writing HTML, and that is already 
a stroll in the park. Now, if the professor 
asks us if we know anything about appli- 
cation life-cycle management, that's 
where I'll really be able to "wow" them. 
-Jeff Feinman 

MY TEENAGE DAUGHTERS are big 

into social networking; one has a Face- 
book account, the other a MySpace 
page. I happened onto their pages 
recently (I wasn't spying, and I'm stick- 
ing to that story!) and noticed each had 
about 250 "friends" who had access to 
their sites. I remarked to them that I 
didn't even know they knew that many 
people, and I was told they're just kids 
from school, and friends of kids from 
school, and friends of friends of kids 
from school. So I asked about how many 
they actually communicate with regular- 
ly, and found out they talk to about 10 or 
15 each. It's scary to think, though, about 
how many people they hardly know that 
have information about where my 
daughters go to school, what year they 
will graduate, and some of their favorite 
things. Is that what friends are for? 

-David Rubinstein 
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Is a Featureless Product in Your Future? 



For decades, most ISVs have taken 
this approach to creating new ver- 
sions of software: Pile on additional fea- 
tures, market them as the newest and 
greatest, then sit back and hope the rev- 
enue comes pouring in. 

In the best case, before starting devel- 
opment the software company surveys 
users to find out which features top their 
wish lists, and their order of 
priority In other cases, the 
approach can be a casual one: 
getting a few salespeople into 
the office and asking, "So, what 
do these people want?" And, of 
course, there's the "developer 
knows best" approach, which 
bypasses any polling or infor- 
mation-gathering in deference 
to the developer's superior 
knowledge of what the cus- 
tomer needs. 

Once the feature list is prioritized, 
developers go to work ladling these new 
features into the software framework, try- 
ing to fit in as much as possible within the 
promised delivery time. If they can't 
deliver a feature list that looks good on a 
spec sheet, Web site and press release, 
they might delay delivery or compromise 
on a reduced feature set that will stem the 
tide until the next product release. 

What's not to like? If users get what 
they think they requested, and the fea- 
tures actually do what they are purport- 
ed to do, then this feature-driven 
approach works fine. Users can justify 
upgrade purchases to their bosses based 
on waving the spec sheet and reiterating 
the vendor's promises of better perfor- 
mance and quality. 

From the ISV side, it works wonder- 
fully. A new version of software with 
additional features typically opens up a 
fresh revenue stream, giving an existing 
product new life and making a substan- 
tial contribution to the bottom line. 

So, if the user is happy and the soft- 
ware company is happy, what's the issue? 

MISSED OPPORTUNITY 

The issue is one of missed opportunity: 
the opportunity to do something really 
great that users have never seen before 
and could never even imagine, much 
less request, in a feature survey or dis- 
cussion — something that gets a job done 
in a way that makes their lives better. 

Developing this type of product 
requires going beyond features. It means 
concentrating on what the customer 
wants to achieve. Sounds simple, but it is 
extremely difficult. The rewards for get- 
ting it right, however, are substantial. 

Take a look at the search engine mar- 
ket just before the turn of the century. 
Alta Vista, Hotbot and Infoseek were 
doing a pretty good job with their search 
engines, and people were relatively hap- 
py to use them. You didn't hear a lot of 
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cries from the general public for a sim- 
pler, more effective search engine. Then 
came Google. 

A couple of smart guys from Stanford 
figured out that all people cared about 
was the fastest, simplest and best way to 
search. They developed a product that 
does one thing awesomely well. By con- 
centrating on the end result — better 
search — and pioneering new 
ways to get there, Google 
changed the whole land- 
scape, and created a brand 
name that's both a noun and 
a verb. 

Google tapped into a 
need that was never 
expressed explicitly. The 
processes that begat this 
phenomenon could not have 
come from asking customers 
about features or method- 
ologies for delivering information. 

AIMING TO DELIGHT 

When a customer is asked about fea- 
tures, the software development process 
is stunted from the beginning. The cus- 
tomer is only going to talk about what he 
or she knows in technical terms. As 
Apple's Steve Jobs said in a 1998 inter- 
view with BusinessWeek, "It's really 
hard to design products by focus groups. 
A lot of times, people don't know what 
they want until you show it to them." 

What customers do know, often in 
passionate detail, is what they want to 
achieve. If a company can deliver on just 
one thing a significant number of cus- 
tomers really want — something that 
changes their work lives — these cus- 
tomers are not just pleased, they're 
delighted. 

With the feature-based approach to 
development, a software company might 
have a guaranteed "well done" from the 
customer, but there will never be that 
transcendent feeling that comes from 
forging a connection with a customer that 



goes beyond the product — a connection 
that makes customers feel that you are in 
touch with their needs and desires. 

Conventional wisdom says that you 
can't sell a product without promoting 
new features. The rationale is that cus- 
tomers talk the simplicity talk, but they 
buy feature-laden complexity. Offering a 
simple way to complete a task that used 
to take multiple, tedious steps is not 
enough to sell a product. 

It's true that there will always be peo- 
ple who want more features, just as there 
are people who want to wear multiple 
gold chains or buy the car with the most 
options. But, that's not always the case any 
longer in the software market, if it ever 
was. Software professionals know their 
jobs inside and out, or certainly well 
enough to recognize a tool that can save 
them time and energy. They'll settle for 
new features and incremental improve- 
ments if that's what you got, but they'll 
devour anything that elegantly solves a 
problem in a simple way — even if it 
doesn't come with a page-long feature list. 

The key is getting potential customers 
to try the product. That's where provid- 
ing free trials of the complete software 
over an ample amount of time makes the 
difference. Many companies don't do 
this, for fear of piracy or that the soft- 
ware will be used to take care of a prob- 
lem during the evaluation period and not 
purchased. But, these are chances a soft- 
ware company should be willing to take if 
it thinks it has a superior solution to offer. 

Once people have a chance to try 
something that works better and more 
simply, evidence shows that they not only 
will buy in a big way, but also will become 
advocates for the company that solved 
their problem. That's what separates what 
Jobs calls the "insanely great" product 
from the merely competent one. I 

Simon Galbraith is joint CEO of Red 
Gate Software, which sells SQL and 
.NET development tools. 



SOA Presents Problems 
For OA Teams 



Although many shops have adopted test- 
ing and QA regimes, conventional meth- 
ods such as functional and unit testing 
are no longer sufficient, concludes a 
recent report from Aberdeen Group. 

In "SOA And Web Service Testing: 
How Different Can It Be?" Aberdeen's 
respondents indicated that testing busi- 
ness processes, integration and regres- 
sion have become essential components 
of the test plan. Reguirements for per- 
formance and security testing have 
added to the complexity of the chore fac- 
ing the OA team. 
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Erlang: What the Cool Kids Are Doing 



Geepster, n. A person who derives 
his or her identity by mastering complex, 
but lesser-known, technologies; a geek 
hipster. 

Erlang, n. What all the geepsters are 
using now that they let anyone code in 
Ruby 

The psychology of the "early mar- 
ket" adopters is brutal. Enthusiasts 
and visionaries convincingly sing the 
praises of this programming language 
or that architectural model, articulat- 
ing advantages and emphasizing the 
"game changing" nature of the technol- 
ogy. Thousands of blogs are launched, 
dozens of books are printed, a clutch of 
conferences convened: The technology 
is poised for total and utter dominance 
of the software development world! 
Then everyone moves on to the next 
thing. 

I've long advocated the model 
explained in Geoffrey Moore's "Cross- 
ing the Chasm," with its ruinous chasm 
between "early" and "mass" markets, as 
the best for understanding the adoption 
of software development technologies. 
I don't want to rehash that belief, but I 
feel sorry for those in the Ruby and 
Rails communities, who must be feel- 



ing a little jilted right now. To be clear, 
I believe that Ruby actually has 
"crossed the chasm" and will see whole- 
sale adoption in the enterprise. 
Microsoft's IronRuby project has 
tremendous potential when coupled 
with the Dynamic Language Runtime 
and Silverlight 1.1, while Sun's JRuby 
project has not just shipped, 
but appears to be ticking off 
incremental milestones with 
ease. 

Meanwhile, CodeGear, 
the company formed from 
Borland's languages division, 
has shipped the first version 
of a dedicated IDE for Ruby 
called 3rdRail, and Sap- 
phireSteel, whose Ruby In 
Steel plug-in for Visual Stu- 
dio has been my preferred IDE for 
Ruby development, has made a .NET- 
to-Ruby bridge available for free down- 
load. But the blogosphere's encomiums 
to Ruby have definitely waned, and 
recent Technorati searches have been 
more likely to turn up sour "this would 
be easier in PHP" posts than the raptur- 
ous testimonies of the past few years. 
Such is the fate of technologies running 
the gantlet of the skeptical mass market. 



\ 



In the meantime, the geepsters have 
moved on to Erlang. Erlang is not short 
for "Ericsson Language," but rather is 
named after A. K. Erlang, an early 
telecomm theorist (who's also, I am 
told, the namesake of a dimensionless 
unit of telecomm traffic volume). The 
fact that Erlang was developed and 
matured within Ericsson is a 
happy coincidence. Until 
recently, Erlang was viewed 
in the programming language 
community as a commercial 
(and therefore somewhat 
suspect) language suited pri- 
I marily for telecomm and 
^ff perhaps other embedded 

systems. The surge in inter- 
est has been driven primarily 
by the release of Joe 
Armstrong's excellent tutorial book 
"Programming Erlang: Software for a 
Concurrent World" (Pragmatic Book- 
shelf) and the growing realization that 
we are, indeed, entering that "concur- 
rent world." 

Erlang implements the "Actor" para- 
digm for concurrency, whose essential 
component is very fine-grained asyn- 
chronous messaging flowing between 
lots of processes (it's worth noting quick- 





ly that Erlang's processes do not have 
anything like a 1:1 mapping to OS 
processes). As I've mentioned in recent 
columns, this is one of several alterna- 
tives to the lock-based model embodied 
in .NET and other mainstream plat- 
forms. Although it's far too preliminary 
to crown any of these alternatives as a 
complete solution, nothing but good can 
come from more people taking them out 
onto the roads for a spin. 

While creating thousands of process- 
es is the thrill that is causing the most 
excitement right now about Erlang, it 
also has a fascinating "hot swap" capa- 
bility that allows you to replace modules 
dynamically without losing state or 
restarting the application. Obviously, 
this is part of Erlang's telecomm legacy, 
but the thought of a system that never 
has to be taken out of service for 
upgrading is heady stuff. 

Erlang's syntax may be intimidating 
at first glance, and its lack of a modern 
IDE off-putting, but those are exactly 
the sorts of things that enthusiasts and 
visionaries can look past in favor of a 
technology's unique virtues. Of course, 
in three years, you can expect me to start 
screaming that what Erlang needs is an 
editor with decent code completion. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 



From Ant to Maven 



During the past month, I have been 
doing what increasing numbers of 
developers are urging their peers to do: 
move projects from Ant to Maven 2. In 
my July 1 column, I discussed my 
mounting frustrations with Ant ("Mov- 
ing Past Ant," www.sdtimes.com/article 
/column-20070701-04.html). When I 
finally was no longer motivated to sol- 
dier on with Ant's minimal delivery mod- 
el, I finally put the time in to make the 
switch to Maven. I'm glad I did. There is 
lots to like about Maven. 

Most visible is that Maven has a 
vision of a build cycle that consists of a 
sequence of commonly performed 
build steps. You indicate what you want 
done in certain steps, and that's it. 
Maven has intelligent default behavior 
for the other steps, so the results tend 
to be what you expect. This build mod- 
el enables Maven to embrace the para- 
digm of "convention over configura- 
tion" that was made famous by Ruby 
on Rails. With Maven, you roll with the 
basic model, making only small tweaks 
for project-dependent steps, rather 
than configuring every step in detail 
for Ant. Ant is more like the venerable 
make tool, which simply follows orders 
and serves as a meta-level task execu- 
tion language. 

The Maven model also has a useful 
end result in addition to the built pro- 



ject: a Web site with the reports gener- 
ated by the various build steps. Maven 
creates a Web site with menu picks that 
reflect not only reports on standard 
operations, but any other documents or 
reports you request. For example, 
place a JDepend command in Maven 
to see the dependencies between pack- 
ages in your Java project, and the 
results are displayed in an HTML 
report on your Maven Web site. 
Because of this, your project 
Web site as created by 
Maven always reflects the 
latest status of your project. 
Stick it on your developer 
intranet, and all team mem- 
bers know exactly where 
things stand. 

This comes tantalizingly 
close to what is thought of as 
continuous integration (CI). 
However, it lacks a few cru- 
cial elements that CI provides: It does 
not monitor source-code repositories 
for any modification that could start up 
the build process, and it does not keep 
historical data on previous builds — the 
generated Web site is a single time 
slice. But if you add monitoring and 
history to Maven, you would have a 
barebones CI system. Because of this 
proximity, most CI systems support 
Maven 2. 



Integration Watch 




Maven has another very convenient 
feature. When you ask it to run a utili- 
ty (such as one of the many code 
checkers available), it knows how to 
find and download the utility and how 
to download the libraries and 
resources the utility requires. Picking 
up my previous example of JDepend: 
Maven downloaded all the needed 
pieces and stored them in its local 
repository and then generated the 
JDepend report. 

Ant, by comparison, re- 
fused to run JDepend and 
instead issued a warning 
that it could not find a need- 
ed JAR file. This feature can 
also be leveraged by sites to 
make sure that they are 
always building with the lat- 
est versions of tools. (Pre- 
dictably, this update feature 
can be overwritten.) 
The migration from Ant to Maven is 
not hard. The central file for both uses 
XML (alas). And the specification 
of options for specific jobs will look 
familiar. However, Maven does expect 
a certain directory layout for source, 
binaries, tests, library files and so 
forth. This arrangement can be over- 
ridden, but doing so flies in the face of 
the convention over configuration 
mantram. 



Fortunately, the project layout is 
eminently sensible, so migrating to it is 
not likely to be a problem, only a one- 
time hassle. 

A complaint I have heard a few 
times is that there is not much in the 
way of documentation for Maven 2, so 
newbies have to work in the dark. 

Fortunately, this is a misperception. 
There's a lot of excellent documenta- 
tion, but it's not obvious where to find it. 
There are two comprehensive guides 
available at no cost in PDF format: 
"Better Builds with Maven," by four 
authors (www.devzuz.com/web/guest 
/products/resources), and "Maven, 
The Definitive Guide," by three 
authors (www.sonatype.com/book). 
Both books run to nearly 300 pages 
and are excellent. 

For those who want to enter the 
pool from the shallow end, Sing Li's 
"Introduction to Apache Maven 2" 
(www-128.ibm.com/developerworks 
/edu/j -dw-java-mavenv2.html) is a great 
place to start and, at 35 readable pages, it 
gives you a quick, easy overview of the 
tool and how to get rolling. 

In all these texts, you should avoid 
reading about Maven 1, which was a 
rather different beast in key ways. 

Stick with Maven 2: Your days of 
cursing at Ant will be over, and your 
builds will be much easier. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 
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Open Source and SOA 



What's funny about open source is the 
number of definitions I see for it, 
and the number of reasons why people 
think it's a good thing. I kind of look at it 
like hybrid cars. Most people don't know 
how they work. They just know they are 
good, and thus want them. So, let's drill 
down on this a bit. 

From Wikipedia: 

"Open source is a set of principles and 
practices that promote access to the design 
and production of goods and knowledge. 
The term is most commonly applied to the 
source code of software that is available to 
the general public with relaxed or non- 
existent intellectual property restrictions. 
This allows users to create software con- 
tent through incremental individual effort 
or through collaboration." 

OK, I get that, but I'm not sure most 
enterprises are going to hack at an ESB, 
governance tool or data abstraction layer 
on their own. However, knowing that you 
could may carry some advantages and 
protections. Moreover, that also has a ten- 
dency to create a community, thus access 
to a bunch of smart people to assist you in 
getting your open source product to func- 
tion correctly. Clearly, there is value there. 

I think open source, when it comes to 
SOA, provides two major advantages. 

First, it's typically much less expen- 



sive than the tools and the technology 
that are proprietary. 

Second, the tools are typically much 
more simplistic and easier to understand 
and use. 

To the first point, SOA technology is 
expensive. I'm talking ESBs-that-cost-as- 
much-as-Bentleys expensive. Thus, any- 
thing that can reduce (or eliminate) costs 
makes good sense when con- 
sidered with the mix of tech- 
nology you need to build a 
SOA. Guys like XAware, for 
instance, with an open source 
data abstraction/data services 
layer, can provide you with key 
SOA technology at a very low 
price point. MuleSource is an 
example of an open source 
ESB player with a low price 
point as well, and there are 
other open source SOA players out there, 
all offering their wares at a discount. 

The argument that the larger players 
are making against open source SOA tools 
is that you get what you pay for. While this 
is true in some instances, it's mostly not 
true when it comes to SOA. Most of the 
open source SOA players that I see pro- 
vide many of the same features and func- 
tions, just in different ways. Once again, 
your requirements should come before 




you pick your technology. If an open 
source SOA player works as a solution, 
and you're comfortable with the company, 
the price should be a nice benefit as well. 
This does not mean, however, that 
open source tools are always the right 
solution. It means that you need to con- 
sider them in the mix, taking into account 
the benefits of using open source. Don't 
send me angry e-mails if your 
open source SOA provider 
misses the mark. That's on you. 
You need to figure out your 
requirements and test the darn 
thing before accepting it as a 
solution, proprietary or open. 

To the second point, sim- 
plicity. The open source SOA 
providers seem to take a 
much more rudimentary 
approach to SOA, and their 
tools seem to be much easier to under- 
stand and, in some cases, use. While 
some people want complex, powerful 
tools, the reality is that most SO As don't 
need them. If you're honest with the 
requirements of the project, you'll see 
that good enough is, well, good enough. 
As a result, you end up with less expen- 
sive technology that provides only a sub- 
set of the features and functions of the 
larger big stack players. If you don't need 



them, they only make things more com- 
plex, and SOA is complex enough as is. 

One of the major mistakes that SOA 
architects can make is to rely upon the 
big stack players to provide them with all 
of the components they need to build 
their SOA. While this seems like the most 
logical solution, the fact is that while the 
big SOA stack guys are able to provide 
the right technologies at some layers, 
they are typically the wrong technology at 
other layers. Again, requirements to tech- 
nology, not the other way around. 

At the same time I'm picking on the big 
stack SOA guys, there are those out there 
who are religious about open source and 
pick nothing else. Thus, they'll accept their 
inability to meet certain requirements of 
their SOA just to have the warm and fuzzy 
feeling that they can change the code at 
will. And, like the big stack mistake I men- 
tioned, they make the same mistake with 
open source. At least it is a less-expensive 
mistake, but it's a mistake nonetheless. 

SOA is an architecture. Thus, you 
need to consider all technologies that are 
right for your architecture, open source or 
not. In the world of SOA, open source 
SOA technology is having a huge impact. 
In many instances, open source SOA also 
brings tools to the project that are just 
right to solve the issues at hand. I 

David S. Linthicum is a managing part- 
ner at ZapThink. Reach him at 
david@zapthink. com. 
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RAD Isn't Rad? How SAD 



Industry Watch 
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After all the books that have been 
written, after all the technical articles 
and newspaper stories that have been 
published, we find out in this issue that 
the concept of "rapid application develop- 
ment" might not be relevant any longer to 
a discussion of software development. 

RAD, some argue, just isn't "rad" 
anymore. 

The story, written by my 
colleague Jeff Feinman, 
points out that when an alter- 
native was needed to bulky 
tools that couldn't readily 
facilitate changes to require- 
ments or code, RAD was a 
radical idea. Now, though, 
with a broad movement 
toward agile development 
processes for all develop- 
ment — including shorter iter- 
ations and life cycles, and application 
frameworks that accommodate plug-in 
tools for specific tasks — RAD can now 
be replaced by the acronym SAD — 
Simply Application Development. 

All of this gave me the idea to see 
what other concepts and terms that were 
so widely discussed and written about 
a few years ago have now been con- 
sumed by the ever-evolving nature of 
development. Three terms in particu- 
lar— CORBA, ebXML, MDA— came 
immediately to mind. 

These are but three concepts that I'm 
sure are near and dear to the hearts of 
those intrepid souls who continue to 
advance them (keep your letters polite, 
please), but that have faded off the 
bookshelves and out of the headlines in 
the years since they were touted as our 




industry's "next big thing." 

CORBA, the Common Object 
Request Broker Architecture, was 
designed as a way to get programs writ- 
ten in any language, residing on any net- 
work, to interact with one another. It 
was such a breakthrough, implementing 
the idea of separating the interface from 
the code and data, that it became the 
technology of choice for mes- 
saging middleware in the 
1990s. 

However, outside of the 
Object Management Group, 
which oversees the specifica- 
tion, see if you can find anyone 
who still discusses CORBA. I 
remember interviewing the 
fine folks at TIBCO a few 
years back, which used to 
identify itself as "the CORBA 
That didn't last: Its executives 
fell all over themselves convincing me 
that while TIBCO still offers CORBA- 
based products, that wasn't the compa- 
ny's go-to-market message any longer. 
And now, this very useful technology is 
so mainstreamed that it's just a standard 
part of messaging technology. There's no 
need to say that something is CORBA- 
based anymore. It's just there. 

ebXML was meant to facilitate elec- 
tronic trading relationships between 
business partners, according to a docu- 
ment on the ebXML.org Web site. 
Quoting from the book "ebXML: The 
New Global Standard for Doing Busi- 
ness Over the Internet": ebXML should 
"enable any company of any size in any 
industry to interact with any other com- 
pany of any size in any other industry." 



company. 



IBM, an early backer of ebXML, had 
page upon page of documentation regard- 
ing the specification on its Web site back 
in 2001; they still can be read today. BEA 
and other big players supported it, and 
there even was an open source effort to 
create an ebXML implementation. 

But now you don't hear the vendors 
pushing it, nor do you hear customers, 
especially those in the financial services 
sector, clamoring for it, as they did some 
five or six years ago. Where have they all 
gone? The more critical pieces of 
ebXML have been subsumed in the 
broader Web services specifications that 
ensure interoperability and security. 

Let's not forget MDA. Much ink and 
many pixels were spilled, in SD Times 
and elsewhere, writing about Model 
Driven Architecture. There has been 
uptake in very large organizations that 
require the ability to structure specifica- 
tions as models, but again, outside of 
OMG gatherings, I haven't heard any- 
one discussing MDA — either in a posi- 
tive or negative way. To some, it's way 
too complex to implement. To those that 
use it, it has simply become the way they 
engineer software. Companies don't tout 
the fact they're doing MDA anymore; 
they just create their software that way. 

The point is, good technology lives 
on, even if the buzz around it subsides. 
It doesn't have to be the hottest new 
thing or the next-best technology. Much 
like the actor Burt Reynolds has been 
able to find work long after the buzz sur- 
rounding his photo shoot in Playgirl and 
his marriage to bombshell Loni Ander- 
son have faded from memory, technolo- 
gies such as those discussed here will 
always exist, because they simply work. I 

David Rubinstein is editor-in-chief of 
SD Times. 
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The U.S. Securities and Exchange Commission (SEC) is one step 
closer to having a standardized system in place for financial 
reporting. The SEC announced on Sept. 25 that it had completed 
all development work on XBRL-formatted data tags that adhere to 
Generally Accepted Accounting Principles (GAAP). It must now 
pass a review for GAAP compliance by the Financial Accounting 
Foundation (FAF). Stakeholders including financial analysts, public 
company preparers and software providers will review the draft 
taxonomies before the SEC initiates a public review. The SEC did 
not say when it would mandate usage of XBRL, an open specifica- 
tion for software that uses XML tags to describe financial informa- 
tion . . . Adobe Systems announced earlier this month the acqui- 
sition of Massachusetts-based Virtual Ubiquity, developer of the 
online word processor Buzzword, for an undisclosed sum. Built 
with Adobe's Flex software and able to run in the Flash Player or 
on Adobe's AIR platform, Buzzword gives rich Internet applications 
greater document quality, page layout controls and advanced 
graphics integration, according to the Adobe announcement. The 
company also announced a free online document-sharing service 
called "Share" ... A prize pool of US$260,000 will be awarded at 
the 2008 TopCoder Open, with the finals to be held in May at the 
Mirage hotel in Las Vegas. First place in the algorithm competition 
and in software design will win $25,000, while the top spot in soft- 
ware development will win $15,000, among other categories. 



EARNINGS: Red Hat recently announced revenue of US$127.3 
million for its second fiscal quarter ended Aug. 31. Revenue rose 28 
percent from the same quarter in the prior year. Net income for the 
quarter was $18.2 million, or 9 cents per share, compared with 
$16.2 million, or 8 cents per share, a year ago. Among its mile- 
stones for the quarter, Red Hat said that more than 3,000 applica- 
tions have been certified on its Enterprise Linux platform. The 
company released a beta of its Red Hat Developer Studio, an 
Eclipse-based set of open source development tools, and released 
the JBoss Enterprise Application Platform 4.2. "We continue to 
see robust demand for our open source solutions and are encour- 
aged by our market position," said Charlie Peters, CFO at Red Hat, 
in a statement . . . Net income of US$4.6 million, or 2 cents per 
share, highlighted TIBCO Software's third fiscal quarter earnings 
report, for the period ended Sept. 2. The income was based on rev- 
enue of $135.1 million. For the same period in fiscal 2006, net 
income was $11.3 million, or 5 cents per share, on revenue of 
$120.4 million. The company cited the expenses associated with 
the acquisition of Spotfire Holdings as a reason for decline in prof- 
itability. "Although Q3 results weren't in line with what we project- 
ed, I remain confident in the strength of our technology and our 
ability to achieve profitable growth as we close out the year and for 
the long-term," said TIBCO chairman and CEO Vivek Ranadive in a 
statement. I 
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RED GATE 




www.businessofsoftware.org 




DevConnections 


Nov. 5-8 


Las Vegas 




DEVCONNECTIONS 




www.devconnections.com 




EclipseWorld 


Nov. 6-8 


Reston, Va. 




BZ MEDIA 




www.eclipseworld.net 




SC07 


Nov. 10-16 


Reno, Nev. 




IEEE 




sc07.supercomputing.org 




Oracle OpenWorld 


Nov. 11-15 


San Francisco 




ORACLE 




www.oracle.com/openworld/2007/index.html 


ApacheCon 


Nov. 12-16 


Atlanta 




APACHE SOFTWARE FOUNDATION 




www.us.apachecon.com 




XML 2007 


Dec. 3-5 


Boston 




IDEALLIANCE 




2007.xmlconference.org 





Agile Development Dec. 3-6 

Practices Conference 

Orlando, Fla. 

SOFTWARE QUALITY ENGINEERING 

www.sqe.com/agiledevpractices 



Macworld Conference 
SExpo 

San Francisco 
IDG WORLD EXPO 

www.macworldexpo.com 



Jan. 14-18 



Southern California 
Linux Expo 

Los Angeles 
SCALE INC. 

www.socallinuxexpo.org 



Feb. 8-10 



Game Developers 
Conference 

San Francisco 
CMP MEDIA 

www.gdconf.com 



Feb. 18-22 



For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Mw3°' MzpFarce 2003 - The premier data eonmtsion m transformation. 2ittf integration loaf. 



Give your data 

direction 



<2> 



ALTOVA* 



SOQB 
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Link up with MapFortt". and 
exchange data with ease, 

Spied in MapForce 2008; 

* ValueMap function for mapping 
numeric values to names* ste. 

■ Support for aggregate functions: 

JJM, M1N, MAX, AVG. STFMNG JOIN 

"nh anted options for XML output 



AUova* Map Force 2008, the award-winning data 
conversion, transformation, and integration tool, 
m3ke£ it easy to exchange data bet ween XML, data- 
bases, Mat files, EDI, and/or Web services. Simply 
dreg connecting lines from data sources la targets 
and drop in data -processing functions. WlapForce 
in slant ry converts the data or auto-generates a data 
Integration applies. ion for ioy ally-free use. Languages 
e generation include: XSLT 1,0, XSLT 2,0, 
BfQuery, Java, C++, and Ctt. Gel connected! 



wnfoad MapForce 20 0B today; wv/w,aHova,com 
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MBpF'orw is &I&6 mrtitable as parf nt tna ^alue- 
packfrd Amy** MlssfconKil ' sotlware bufkd 




SICK AND TIRED 



OF MANUAL TESTING 




TestComolete 



± automate your tests 



Test .NET Delphi Java 
Web Automated Windows Test Desktop 

Load Easy Vista Test Synchronized 

Fast Distributed Powerful Client/Server 

Time-to-Market Test BlackBox Automate 



| Record Test Checkpoints 
I Easy Grid Tests 



VM Better& Faster Web Tests 



Test Your 6^bit Apps 



SHU Test Your Web Services 




FREE TRIAL- DOWNLOAD NOW 
www.testcom plete.com 



Automated QA 

lest, d L fc b ll ^ , *i £ 1 c v e r ! 

702-891 -9424 



